TITLE OF THE INVENTION

DIGITAL CONTENT PROTECTION SYSTEM

This application is based on applications Nos. H10-295920 and
H10-339027 filed in Japan, the content of which is hereby
incorporated by reference.

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to a system for
distributing digital contents, such as digitized documents,
audio, images, and programs, via a network to allow users to
record the contents on recording media and to reproduce the
recorded contents. In particular, the present invention
relates to a system for protecting digital contents from
unauthorized recording and reproduction.

2. Description of the Related Art 

In recent years, techniques for distributing digital
contents, such as digitized documents, audio, images, and
programs, via networks, such as the Internet, have been
devised. The techniques allow users to easily record and
reproduce the distributed contents.

While having an advantage that users can easily
replicate digital contents, the techniques also have a
problem that copyrights owned by authors of the digital
contents can be easily infringed.

SUMMARY OF THE INVENTION 

The object of the present invention is to provide a
digital content protection system, a digital content
protection method, a digital content protection program
recorded on a recording medium, and a digital content
protection program that is sent via a communication line,
each of which prevents unauthorized recording of a digital
content obtained from the outside onto a recording medium and
unauthorized reproduction of a digital content recorded on a
recording medium.

The stated object is achieved by a digital content
protection system that enables a digital content to be used
and includes a recording medium apparatus having a storage
area for holding digital content information and an access
apparatus that reads information from and writes information
into the storage area, the digital content protection system
operating according to the following phases: an
authentication phase where the recording medium apparatus
secretly transmits an inherent key to the access apparatus,
and the recording medium apparatus and the access apparatus
perform mutual authentication using the inherent key, the
inherent key being information that is unique to the
recording medium apparatus; and a content transfer phase,
performed only when the recording medium apparatus and the
access apparatus have successfully authenticated each other,
where the access apparatus either (a) encrypts a digital
content using the secretly transmitted inherent key and sends
the encrypted digital content to the recording medium
apparatus or (b) receives an encrypted digital content from
the recording medium apparatus and decrypts the encrypted
digital content using the secretly transmitted inherent
key.

With this construction, the digital content
protection system of the present invention prevents the
transfer of contents from an authorized apparatus to an
unauthorized apparatus. This prevents contents that have
been properly obtained from being used without a proper
authorization. The transfer of contents from an unauthorized
device to an authorized device is also prevented. As a
result, the digital content protection system of the present
invention prevents illegally obtained contents from being
reused.

Here, the recording medium apparatus may include a
first calculation unit, and the access apparatus may include
a first authentication information generating unit and a
first authentication unit, where while the access apparatus
judges whether the recording medium apparatus is legitimate
in the authentication phase, the first authentication
information generating unit generates first authentication
information and outputs the first authentication information
to the recording medium apparatus, the first calculation unit
receives the first authentication information, generates
first calculated authentication information by performing a
first calculation on the received first authentication
information using the inherent key, and outputs the first
calculated authentication information to the access
apparatus, and the first authentication unit judges whether
the recording medium apparatus is legitimate from the first
authentication information and the first calculated
authentication information using the secretly transmitted
inherent key.

Here, the access apparatus may include a second
calculation unit, and the recording medium apparatus may
include a second authentication information generating unit
and a second authentication unit, where while the recording
medium apparatus judges whether the access apparatus is
legitimate in the authentication phase, the second
authentication information generating unit generates second
authentication information and outputs the second
authentication information to the access apparatus,
the second calculation unit receives the second
authentication information, generates second calculated
authentication information by performing a second calculation
on the received second authentication information using the
secretly transmitted inherent key, and outputs the second
calculated authentication information to the recording medium
apparatus, and the second authentication unit judges whether
the access apparatus is legitimate from the second
authentication information and the second calculated
authentication information using the inherent key.

With this construction, the recording medium
apparatus and the access apparatus perform mutual
authentication.

Here, the recording medium apparatus may further
include a first encryption unit and an inherent key storing
unit for prestoring the inherent key, and the access
apparatus may further include a first decryption unit, where
while the recording medium apparatus secretly transmits the
inherent key to the access apparatus in the authentication
phase, the first encryption unit generates an encrypted
inherent key by applying a first encryption algorithm to the
inherent key and outputs the encrypted inherent key to the
access apparatus, and the first decryption unit receives the
encrypted inherent key and generates a decrypted inherent key
by applying a first decryption algorithm to the encrypted
inherent key, the first decryption algorithm being used to
decrypt cipher text generated with the first encryption
algorithm.

With this construction, because the inherent key is
encrypted when it is transferred from the recording medium
apparatus to the access apparatus, the possibility that the
inherent key is uncovered is reduced.

Here, the first key and the second key may be the
same master key, and the first decryption unit may decrypt
the encrypted inherent key using the second key that is the
same as the first key.

With this construction, the recording medium
apparatus and the access apparatus store the same master key.
As a result, the recording medium apparatus and the access
apparatus are produced without difficulty.

Here, the first key may be a public key that is
calculated from the second key according to a public key
determination algorithm of a public key cryptosystem, the
first encryption algorithm may be an encryption algorithm of
the public key cryptosystem, and the first decryption
algorithm may be a decryption algorithm of the public key
cryptosystem, where the first encryption unit encrypts the
inherent key according to the encryption algorithm of the
public key cryptosystem using the first key that is the
public key, and the first decryption unit decrypts the
encrypted inherent key according to the decryption algorithm
of the public key cryptosystem using the second key.

With this construction, the first key that is a
public key differs from the second key that is a secret key.
Therefore, even if the secret key stored in a card reader or
a card writer is uncovered, it is impossible to obtain the
public key from the secret key. This makes it difficult to
counterfeit the recording medium apparatus.

Here, the second key may be a public key that is
calculated from the first key according to a public key
determination algorithm of a recovery signature processing
method, the first encryption algorithm may be a signature
processing algorithm of the recovery signature processing
method, the first encryption unit may generate the encrypted
inherent key that is a signature text by applying the first
encryption algorithm to the inherent key using the first key,
the first decryption algorithm may be a verification
processing algorithm of the recovery signature processing
method, and the first decryption unit may generate the
decrypted inherent key by applying the first decryption
algorithm to the encrypted inherent key that is the signature
text using the second key.

With this construction, enormous amounts of
calculation need to be performed to obtain the secret key Ks
from the public key Kp. As a result, it is very difficult to
calculate the secret key Ks from the public key Kp.
Therefore, the overall security level of a digital content
service system can be enhanced by assigning a secret key to
a memory card and assigning a public key to a memory card
writer or a memory card reader. This is because the internal
constructions of the memory card writer and the memory card
reader are generally more likely to be analyzed than that of
the memory card.

Here, the recording medium apparatus may further
include: a first master key storing unit for prestoring a
first master key group that includes a plurality of master
keys; and a first selection unit for selecting a master key
out of the first master key group as a first key, and the
access apparatus may further include: a second master key
storing unit for prestoring a second master key group that
includes a plurality of master keys, the first master key
group and the second master key group including the same
plurality of master keys; and a second selection unit for
selecting a master key out of the second master key group as
a second key, the second key being the same as the first key,
where the first encryption unit encrypts the inherent key
using the master key selected as the first key, and the first
decryption unit decrypts the encrypted inherent key using the
master key selected as the second key.

With this construction, each of the recording medium
apparatus and the access apparatus stores a plurality of
master keys. Therefore, the digital content protection
system of the present invention can be applied to a plurality
of digital content service systems.

Here, the first encryption unit may prestore a first
subgroup key, generate a transformed key by performing a
first conversion operation on the inherent key using the
first subgroup key, and generate the encrypted inherent key
by applying the first encryption algorithm to the
transformed key, and the first decryption unit may prestore
a second subgroup key that is the same as the first subgroup
key, generate a decrypted transformed key by applying the
first decryption algorithm to the encrypted inherent key,
and generate the decrypted inherent key by performing an
inverse operation of the first conversion operation on the
decrypted transformed key using the second subgroup key.

With this construction, when a digital content
service system is run by a plurality of groups, a plurality
of subgroup keys whose number is equal to the number of the
groups are generated and each of the plurality of subgroup
keys is assigned to one of the plurality of groups. This
allows each group to provide its own service. Also, in many
cases, the number of master keys that can be stored in a
memory card is restricted due to the limited storage capacity
of the memory card. However, the digital content protection
system of the present invention increases the number of
available keys by combining a master key and subgroup keys.

Here, the first encryption unit may prestore a first
subgroup key, generate a cipher text by applying the first
encryption algorithm to the inherent key, and generate the
encrypted inherent key by performing a first conversion
operation on the cipher text using the first subgroup key,
and the first decryption unit may prestore a second subgroup
key that is the same as the first subgroup key, generate a
decryption text by performing an inverse operation of the
first conversion operation on the encrypted inherent key
using the second subgroup key, and generate the decrypted
inherent key by applying the first decryption algorithm to
the decryption text.

With this construction, when a digital content
service system is run by a plurality of groups, the digital
content protection system of the present invention allows
each group to provide its own service in the same manner
as described above. Also, the digital content protection
system of the present invention increases the number of
available keys by combining a master key and subgroup keys.

Here, the recording medium apparatus may further
include a first key storing unit for prestoring a first key
that is a master key, and the access apparatus may further
include a second key storing unit for prestoring a second key
that is the same master key as the first key, where the first
encryption unit prestores a first subgroup key, generates an
encrypted first key by performing a first conversion
operation on the first key using the first subgroup key, and
generates the encrypted inherent key by applying the first
encryption algorithm to the inherent key using the encrypted
first key, and the first decryption unit prestores a second
subgroup key that is the same as the first subgroup key,
generates an encrypted second key by performing a second
conversion operation, which is the same as the first
conversion operation, on the second key using the second
subgroup key, and generates the decrypted inherent key by
applying the first decryption algorithm to the encrypted
inherent key using the encrypted second key.

With this construction, when a digital content
service system is run by a plurality of groups, the digital
content protection system of the present invention allows
each group to provide its own service in the same manner
as described above. Also, the digital content protection
system of the present invention increases the number of
available keys by combining a master key and subgroup keys.

Here, the first calculation unit may prestore a first
subgroup key, generate a transformed inherent key by
performing a first conversion operation on the inherent key
using the subgroup key, and generate the first calculated
authentication information by performing the first
calculation on the first authentication information using the
transformed inherent key, and the third calculation unit may
prestore a second subgroup key that is the same as the first
subgroup key, generate a decrypted transformed inherent key
by performing an inverse operation of the first conversion
operation on the secretly transmitted inherent key using the
subgroup key, and generate the third calculated
authentication information by performing a calculation that
is the same as the first calculation on the first
authentication information using the decrypted transformed
inherent key.

With this construction, when a digital content
service system is run by a plurality of groups, the digital
content protection system of the present invention allows
each group to provide its own service in the same manner
as described above. Also, the digital content protection
system of the present invention increases the number of
available keys by combining a master key and subgroup keys.

Here, when the recording medium apparatus and the
access apparatus have successfully authenticated each other,
in the content transfer phase, the access apparatus may
either (c) generate at least one data block by dividing a
digital content, generate a data block key for each data
block, generate at least one encrypted data block by
encrypting each data block using the secretly transmitted
inherent key and a data block key that corresponds to the
data block, and transfer each encrypted data block to the
recording medium, or (d) receive at least one encrypted data
block of an encrypted digital content from the recording
medium apparatus, generate a data block key for each data
block, and generate at least one data block by decrypting
each encrypted data block using the secretly transmitted
inherent key and a data block key that corresponds to the
encrypted data block, where each data block has one of a
logical length and a physical length, and each encrypted data
block has one of a logical length and a physical length.

With this construction, the digital content
protection system generates a data block key unique to each
data block of a content and encrypts the data block using the
data block key. Because this makes it difficult for third
parties to intercept data blocks, the digital content
protection system of the present invention achieves high
security for the data blocks.

Here, when the recording medium apparatus and the
access apparatus have successfully authenticated each other,
in the content transfer phase, the access apparatus may
either (e) generate a file key for a file of a digital
content, generate an encrypted file by encrypting the file
using the secretly transmitted inherent key and the file key,
and transfer the encrypted file and information concerning
the file key to the recording medium, or (f) receive, from
the recording medium apparatus, an encrypted file of an
encrypted digital content and information concerning a file
key that corresponds to the encrypted file, generate a
decrypted file by decrypting the encrypted file using the
secretly transmitted inherent key and the information
concerning the file key, and reproduce the decrypted file.

With this construction, a file key inherent in each
file of a content is generated and the files are encrypted
using the file keys. Because this makes it difficult for
third parties to intercept the files, the digital content
protection system of the present invention achieves high
security for the files.

Here, when the recording medium apparatus and the
access apparatus have successfully authenticated each other,
in the content transfer phase, the access apparatus may
either (i) receive a user key from an operator, generate a
transformed key from the user key and the secretly
transmitted inherent key, generate an encrypted digital
content by encrypting a digital content using the transformed
key, and transfer the encrypted digital content to the
recording medium, or (j) receive an encrypted digital content
from the recording medium apparatus, generate a transformed
key from a user key inputted from an operator and the
secretly transmitted inherent key, and generate a decrypted
digital content by decrypting the encrypted digital content
using the transformed key.

With this construction, a user encrypts a content and
decrypts the encrypted content using a user key set by
himself/herself. Therefore, the digital content protection
system of the present invention protects a content owned by
a user from being decoded by others.

Here, the digital content protection system may
further include an encrypted inherent key generation
apparatus, where the digital content protection system
further operates according to an encrypted inherent key
setting phase where the encrypted inherent key generation
apparatus generates an encrypted inherent key by encrypting
the inherent key sent from the recording medium apparatus and
sends the encrypted inherent key to the recording medium
apparatus, and the recording medium apparatus holds the
encrypted inherent key sent from the encrypted inherent key
generation apparatus, where in the authentication phase, the
recording medium apparatus sends the encrypted inherent key
to the access apparatus, and the access apparatus generates
a decrypted inherent key by decrypting the encrypted inherent
key secretly sent from the recording medium apparatus and
judges whether the recording medium apparatus is legitimate
using the decrypted inherent key.

With this construction, the recording medium
apparatus does not need to include a conversion unit. As a
result, the hardware scale of the recording medium apparatus
is reduced.



BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects, advantages and features of
the invention will become apparent from the following
description thereof taken in conjunction with the
accompanying drawings which illustrate a specific embodiment
of the invention. In the drawings:

Fig. 1 is a block diagram of the digital content
protection system 100 of the first embodiment of the present
invention;

Fig. 2 shows a state where the memory card 200 is
placed in the memory card writer 300 and the memory card
writer 300 is placed in the personal computer 500;

Fig. 3 shows a state where the memory card 200 is
placed in the headphone stereo 401 that is the memory card
reader 400;

Fig. 4 is a block diagram showing the construction of
the memory card 200;

Fig. 5 is a block diagram showing the construction of
the memory card writer 300;

Fig. 6 is a block diagram showing the construction of
the memory card reader 400;

Fig. 7 is a flowchart showing the operation outline
in the case where the memory card 200 is placed in the memory
card writer 300;

Fig. 8 is a flowchart showing the operation outline
in the case where the memory card 200 is placed in the memory
card reader 400;

Fig. 9 shows the authentication operation in the case
where the memory card 200 is placed in the memory card writer
300;

Fig. 10 shows the authentication operation performed
by the memory card writer 300 to judge whether the memory
card 200 is an authorized device;

Fig. 11 is a block diagram showing the construction
of the digital content protection system 100a of the second
embodiment;

Fig. 12 shows the authentication operations in the
case where the memory card 200a is placed in the media
inherent key information generating device 600 and in the
case where the memory card 200a is placed in the memory card
writer 300;

Fig. 13 shows the authentication operation of the
digital content protection system of a modification of the
first embodiment in the case where the memory card 200 is
placed in the memory card writer 300;

Fig. 14 is a block diagram showing the construction
of the memory card 200c in the digital content protection
system 100c of the third embodiment;

Fig. 15 is a block diagram showing the construction
of the memory card writer 300c in the digital content
protection system 100c of the third embodiment;

Fig. 16 is a block diagram showing the construction
of the memory card reader 400c in the digital content
protection system 100c of the third embodiment;

Fig. 17 is a block diagram showing the construction
of the digital content protection system 100d of the fourth
embodiment;

Fig. 18 shows the operation of the digital content
protection system 100d;

Fig. 19 is a block diagram showing the construction
of the digital content protection system 100e of the fifth
embodiment;

Fig. 20 shows the authentication operation of the
digital content protection system 100e;

Fig. 21 is a block diagram showing the construction
of the digital content protection system 100f of the sixth
embodiment;

Fig. 22 shows the authentication operation of the
digital content protection system 100f;

Fig. 23 is a block diagram showing the construction
of the digital content protection system 100g of the seventh
embodiment;

Fig. 24 shows the authentication operation of the
digital content protection system 100g;

Fig. 25 is a block diagram showing the construction
of the digital content protection system 100h of the eighth
embodiment;

Fig. 26 is another block diagram showing the
construction of the digital content protection system 100h;

Fig. 27 shows the operation outline of the digital
content protection system 100h in the case where the memory
card 200 is placed in the memory card writer 300h;

Fig. 28 shows the operation outline of the digital
content protection system 100h in the case where the memory
card 200 is placed in the memory card reader 400h;

Fig. 29 is a block diagram showing the construction
of the digital content protection system 100i of the ninth
embodiment;

Fig. 30 is another block diagram showing the
construction of the digital content protection system 100i;

Fig. 31 shows the operation outline of the digital
content protection system 100i in the case where the memory
card 200i is placed in the memory card writer 300i;

Fig. 32 shows the operation outline of the digital
content protection system 100i in the case where the memory
card 200i is placed in the memory card reader 400i;

Fig. 33 is a block diagram showing the construction
of the digital content protection system 100i of a
modification;

Fig. 34 is a block diagram showing the construction
of the digital content protection system 100i of another
modification; and

Fig. 35 shows the authentication operation in the
case where the memory card 200j is placed in the memory card
writer 300j.



DESCRIPTION OF THE PREFERRED EMBODIMENTS 
<First Embodiment> 

The following is a description of a digital content
protection system 100 of the first embodiment of the present
invention.



1. Construction of Digital Content Protection System 100

The digital content protection system 100 includes a
memory card 200, a memory card writer 300, and a memory card
reader 400, as shown in Fig. 1.

The memory card 200 is placed in the memory card
writer 300 through a memory card slot 301, as shown in Fig.
2. The memory card writer 300 is placed in a personal
computer 500 through a memory card writer slot 501. The
personal computer 500 is connected to a network, such as the
Internet, via a communication line 10. As a result, the
memory card writer 300 is connected to the outside through
the mediation of the personal computer 500.

The personal computer 500 includes a display 503, a
keyboard 504, speakers 502, a processor, a RAM, a ROM, and a
hard disc apparatus. The processor, RAM, ROM, and hard disc
apparatus are not shown in Fig. 2.

The memory card 200 is placed in the memory card
reader 400. As shown in Fig. 3, the memory card 200 is
placed in a headphone stereo 401 (the memory card reader 400
in this embodiment) through a memory card slot 403. Buttons
404a, 404b, 404c, and 404d are provided on the top of the
headphone stereo 401. Also, the memory card slot is provided
on a side of the headphone stereo 401 and a headphone 402 is
connected to another side of the headphone stereo 401.

A user places the memory card 200 in the personal
computer 500 through the mediation of the memory card writer
300, receives digital contents, such as music data, from the
outside via the Internet and records the received contents on
the memory card 200. After recording, the user places the
memory card 200 in the headphone stereo 401 and reproduces
the contents recorded on the memory card 200 using the
headphone stereo 401.

1.1 Construction of Memory Card 200 

Fig. 4 shows the construction of the memory card 200.
As shown in this drawing, the memory card 200 includes a
master key storing unit 210, a media inherent key storing
unit 220, a conversion unit 230, a media inherent key
information storing unit 240, an apparatus key storing unit
221, an inversion unit 222, an apparatus key information
storing unit 223, a mutual authentication unit 250, an
encrypted content storing unit 260, a communication unit 270,
and a control unit 280.

When the memory card 200 is placed in the memory card
writer 300, the communication unit 270 is connected to a
communication unit 340 (described later) of the memory card
writer 300.

On the other hand, when the memory card 200 is placed
in the memory card reader 400, the communication unit 270 is
connected to a communication unit 440 (described later) of
the memory card reader 400.

1.1.1 Master Key Storing Unit 210 

The master key storing unit 210 includes a
semiconductor memory and prestores a master key Mk that is a
56-bit bit string. Different master keys are assigned to
respective digital content service systems. Also, the same
master key is prestored in the master key storing units of
all memory cards for use in a specific digital content
service system even if the memory cards are produced by
different manufacturers.

Here, the digital content service systems are, for
instance, a music delivery system that is cooperatively run
by A, B, and C companies and a movie rental system that is
cooperatively run by X, Y, and Z companies.

1.1.2 Media Inherent Key Storing Unit 220 

The media inherent key storing unit 220 includes a
semiconductor memory and prestores an inherent key Ki that is
a 56-bit bit string. Different inherent keys are assigned to
respective memory cards. The inherent key of each memory
card is obtained by performing a given calculation, such as
addition, on a production number that is inherent in each
memory card and a random number that is randomly generated
when each memory card is produced.

1.1.3 Conversion Unit 230

The conversion unit 230 includes a processor, a ROM
(Read Only Memory) for storing programs, and a RAM (Random
Access Memory) for providing a work area. The conversion
unit 230 reads the inherent key Ki from the media inherent
key storing unit 220 and reads the master key Mk from the
master key storing unit 210.

The conversion unit 230 also prestores an encryption
algorithm E1 that conforms to DES (Data Encryption
Standard).

Here, the size of each encryption key used for the
encryption algorithm E1 is 56 bits. Also, the length of each
plain text that is to be encrypted using the encryption
algorithm E1 is 64 bits. Furthermore, the length of each
cipher text that is generated using the encryption algorithm
E1 is 64 bits. It should be noted here that in this
specification, the encryption algorithm and the decryption
algorithm conform to DES, unless otherwise stated. Also, in
this specification, the size of each encryption key is 56
bits, the size of each decryption key is 56 bits, the length
of each plain text is 64 bits, and the length of each cipher
text is 64 bits.

The conversion unit 230 generates an encrypted 
5 inherent key Ji by applying the encryption algorithm El to 
the inherent key Ki read from the media inherent key storing 
unit 220. Here, the conversion unit 230 uses the master key 
Mk read from the master key storing unit 210 as the key of 
the encryption algorithm El- It should be noted here that in 
10 this specification, the encrypted inherent key Ji is 
expressed by Formula 1 given below. 

<Formula 1> 

Ji=E1 (Mk,Ki)

Also, in this specification, the generation of a
cipher text C by applying an encryption algorithm E to a
plain text M using a key K is expressed by Formula 2 given
below.

<Formula 2> 

C=E (K,M) 

Furthermore, in this specification, the generation of
the plain text M by applying a decryption algorithm D to the
cipher text C using the key K is expressed by Formula 3 given
below.

<Formula 3>

M=D (K,C) 

As described above, the cipher text C is generated by
applying the encryption algorithm E to the plain text M using
the key K and the plain text M is generated by applying the
decryption algorithm D to the cipher text C using the key K.
Therefore, the relation between the encryption algorithm E
and the decryption algorithm D can be expressed by Formula 4
given below.

<Formula 4> 

E=crpt (D) 

The conversion unit 230 outputs the encrypted
inherent key Ji to the media inherent key information storing
unit 240.

1.1.4 Media Inherent Key Information Storing Unit 240

The media inherent key information storing unit 240
includes a semiconductor memory, receives the encrypted
inherent key Ji from the conversion unit 230, and holds the
encrypted inherent key Ji.

1.1.5 Mutual Authentication unit 250

The mutual authentication unit 250 includes a random
number generating unit 251, an encryption unit 252, a
decryption unit 253, and a mutual authentication control unit
254. Each element of the mutual authentication unit 250
includes a processor, a ROM for storing programs, and a RAM
for providing a work area.

(1) Random Number Generating Unit 251

The random number generating unit 251 generates a
random number R2 that is a 64-bit bit string, and outputs the
random number R2 to the communication unit 270 and the mutual
authentication control unit 254.

(2) Encryption Unit 252 

The encryption unit 252 prestores an encryption
algorithm E2 that conforms to DES.

The encryption unit 252 first receives a random
number R1 from the communication unit 270 and reads the
inherent key Ki from the media inherent key storing unit
220.

The encryption unit 252 then generates an encrypted
random number S1 by applying the encryption algorithm E2 on
the random number R1 using the inherent key Ki as the key of
the encryption algorithm E2. The encrypted random number S1
can be expressed by Formula 5 given below.

<Formula 5>

S1=E2 (Ki,R1)

The encryption unit 252 finally outputs the encrypted
random number S1 to the communication unit 270.

(3) Decryption Unit 253 

The decryption unit 253 prestores a decryption
algorithm D2 that conforms to DES.

The decryption unit 253 first receives an encrypted
random number S2 from the communication unit 270 and reads an
apparatus key A'j from the apparatus key storing unit 221.

The decryption unit 253 then generates a random
number R'2 by applying the decryption algorithm D2 to the
encrypted random number S2 using the apparatus key A'j as the
key of the decryption algorithm D2. The generated random
number R'2 can be expressed by Formula 6 given below.

<Formula 6>

R'2=D2 (A'j,S2)

=D2 (A'j,E2 (Aj,R2))

The decryption unit 253 finally outputs the random
number R'2 to the mutual authentication control unit 254.

(4) Mutual Authentication Control Unit 254

The mutual authentication control unit 254 first
receives the random number R'2 from the decryption unit 253
and receives the random number R2 from the random number
generating unit 251.

The mutual authentication control unit 254 then
compares these random numbers. If the random number R'2
matches the random number R2, the mutual authentication
control unit 254 judges that the memory card writer 300 or
the memory card reader 400 in which the memory card 200 is
placed is an authorized device (legitimate); if not, the
mutual authentication control unit 254 judges that the memory
card writer 300 or the memory card reader 400 is an
unauthorized device.

The mutual authentication control unit 254 finally
outputs an authentication signal showing whether the memory
card writer 300 or the memory card reader 400 is an
authorized device to the control unit 280.

1.1.6 Encrypted Content Storing Unit 260

The encrypted content storing unit 260 includes a
semiconductor memory, receives encrypted partial contents Fi
(where i=1,2,3,...) from the communication unit 270, and
holds the encrypted partial contents Fi.

1.1.7 Communication Unit 270 

The communication unit 270 reads the encrypted
inherent key Ji from the media inherent key information
storing unit 240 and outputs the encrypted inherent key Ji to
the communication unit 340 of the memory card writer 300 or
to the communication unit 440 of the memory card reader
400.

The communication unit 270 also receives the random
number R1 from the communication unit 340 of the memory card
writer 300 or the communication unit 440 of the memory card
reader 400 and outputs the random number R1 to the encryption
unit 252 of the mutual authentication unit 250.

The communication unit 270 further receives the
encrypted random number S1 from the encryption unit 252 and
outputs the encrypted random number S1 to the communication
unit 340 of the memory card writer 300 or the communication
unit 440 of the memory card reader 400.

The communication unit 270 also receives an encrypted
apparatus key Bj from the communication unit 340 of the
memory card writer 300 or the communication unit 440 of the
memory card reader 400 and outputs the encrypted apparatus
key Bj to the apparatus key information storing unit 223.

The communication unit 270 also receives the random
number R2 from the random number generating unit 251 and
outputs the random number R2 to the communication unit 340 of
the memory card writer 300 or the communication unit 440 of
the memory card reader 400.

The communication unit 270 also receives the
encrypted random number S2 from the communication unit 340 of
the memory card writer 300 or the communication unit 440 of
the memory card reader 400 and outputs the encrypted random
number S2 to the decryption unit 253 of the mutual
authentication unit 250.

On receiving a communication termination signal from
the control unit 280, the communication unit 270 terminates
the communication with the communication unit 340 of the
memory card writer 300 or the communication unit 440 of the
memory card reader 400.

The communication unit 270 also receives the
encrypted partial contents Fi (where i=1,2,3,...) from the
communication unit 340 of the memory card writer 300 and
outputs the encrypted partial contents Fi to the encrypted
content storing unit 260.

The communication unit 270 furthermore reads the
encrypted partial contents Fi from the encrypted content
storing unit 260 and outputs the encrypted partial contents
Fi to the communication unit 440 of the memory card reader
400.

1.1.8 Apparatus Key Information Storing Unit 223 

The apparatus key information storing unit 223
includes a semiconductor memory, receives the encrypted
apparatus key Bj from the communication unit 270, and holds
the encrypted apparatus key Bj.

1.1.9 Inversion Unit 222 

The inversion unit 222 includes a processor, a ROM
for storing programs, and a RAM for providing a work area,
and prestores a decryption algorithm D3 that conforms to
DES.

The inversion unit 222 first reads the encrypted
apparatus key Bj from the apparatus key information storing
unit 223 and reads the master key Mk from the master key
storing unit 210.

The inversion unit 222 then generates the apparatus
key A'j by applying the decryption algorithm D3 to the
encrypted apparatus key Bj using the master key Mk as a key
of the decryption algorithm D3. The generated apparatus key
A'j can be expressed by Formula 7 given below.

<Formula 7>

A'j=D3 (Mk,Bj)

=D3 (Mk,E3 (Mk,Aj))

The inversion unit 222 finally outputs the generated
apparatus key A'j to the apparatus key storing unit 221.

1.1.10 Apparatus Key Storing Unit 221 

The apparatus key storing unit 221 includes a
semiconductor memory and holds the apparatus key A'j
outputted from the inversion unit 222.

1.1.11 Control unit 280 

The control unit 280 includes a processor, a ROM for
storing programs, and a RAM for providing a work area. The
control unit 280 receives an authentication signal from the
mutual authentication control unit 254. The authentication
signal shows whether the memory card writer 300 or the memory
card reader 400 in which the memory card 200 is placed is an
authorized device.

When the authentication signal shows that the memory
card writer 300 or the memory card reader 400 is an
unauthorized device, the control unit 280 outputs a
communication termination signal to the communication unit
270, which then terminates the communication with the memory
card writer 300 or the memory card reader 400.

1.2 Construction of Memory Card Writer 300 

Fig. 5 shows the construction of the memory card
writer 300. As shown in this drawing, the memory card writer
300 includes an apparatus key storing unit 310, a conversion
unit 311, an apparatus key information storing unit 312, a
master key storing unit 313, a media inherent key information
storing unit 320, an inversion unit 321, a media inherent key
storing unit 323, a mutual authentication unit 330, a
communication unit 340, a control unit 350, an encryption
unit 360, a content storing unit 370, and a content download
unit 380.

The content download unit 380 is connected to the
outside via the communication line 10.



1.2.1 Apparatus Key Storing Unit 310

The apparatus key storing unit 310 includes a 
semiconductor memory and prestores an apparatus key Aj that 
is a 56-bit bit string. Different apparatus keys are 
assigned to respective memory card writers. The apparatus 
key of each memory card writer is obtained by performing a 
given calculation, such as addition, on a production number 
that is inherent in each memory card writer and a random 
number that is randomly generated when each memory card 
writer is produced. 



1.2.2 Conversion Unit 311

The conversion unit 311 includes a processor, a ROM
for storing programs, and a RAM for providing a work area. The
conversion unit 311 reads the apparatus key Aj from the
apparatus key storing unit 310 and reads the master key Mk
from the master key storing unit 313.

The conversion unit 311 also prestores an encryption
algorithm E3 that conforms to DES.

The relation between the decryption algorithm D3
prestored in the inversion unit 222 and the encryption
algorithm E3 can be expressed by Formula 8 given below.

<Formula 8>

E3=crpt (D3)

The conversion unit 311 generates the encrypted
apparatus key Bj by applying the encryption algorithm E3 to
the apparatus key Aj read from the apparatus key storing unit
310 using the master key Mk read from the master key storing
unit 313 as the key of the encryption algorithm E3. The
encrypted apparatus key Bj can be expressed by Formula 9
given below.

<Formula 9>

Bj=E3 (Mk,Aj)

The conversion unit 311 outputs the encrypted
apparatus key Bj to the apparatus key information storing
unit 312.

1.2.3 Apparatus Key Information Storing Unit 312 

The apparatus key information storing unit 312
includes a semiconductor memory, receives the encrypted
apparatus key Bj from the conversion unit 311, and holds the
encrypted apparatus key Bj.

1.2.4 Master Key Storing Unit 313

The master key storing unit 313 includes a
semiconductor and prestores the master key Mk. This master
key Mk is the same as that prestored in the master key
storing unit 210 of the memory card 200.

1.2.5 Media Inherent Key Information Storing Unit 320

The media inherent key information storing unit 320
includes a semiconductor, receives the encrypted inherent key
Ji from the communication unit 340, and holds the encrypted
inherent key Ji.

1.2.6 Inversion Unit 321

The inversion unit 321 includes a processor, a ROM
for storing programs, and a RAM for providing a work area.
The inversion unit 321 reads the encrypted inherent key Ji
from the media inherent key information storing unit 320 and
reads the master key Mk from the master key storing unit
313.

The inversion unit 321 prestores a decryption
algorithm D1 that conforms to DES.

The relation between the encryption algorithm E1
prestored in the conversion unit 230 of the memory card 200
and the decryption algorithm D1 can be expressed by Formula
10 given below.

<Formula 10>

E1=crpt (D1)

The inversion unit 321 generates an inherent key K'i
by applying the decryption algorithm D1 to the encrypted
inherent key Ji using the master key Mk as the key of the
decryption algorithm D1. The inherent key K'i can be
expressed by Formula 11 given below.

<Formula 11>

K'i=D1 (Mk,Ji)

=D1 (Mk,E1 (Mk,Ki))

The inversion unit 321 outputs the inherent key K'i 
to the media inherent key storing unit 323. 

1.2.7 Media Inherent Key Storing Unit 323

The media inherent key storing unit 323 includes a
semiconductor, receives the inherent key K'i from the
inversion unit 321, and holds the inherent key K'i.

1.2.8 Mutual Authentication Unit 330

The mutual authentication unit 330 includes a random
number generating unit 331, an encryption unit 332, a
decryption unit 333, and a mutual authentication control unit
334. Each element of the mutual authentication unit 330
includes a processor, a ROM for storing programs, and a RAM
for providing a work area.




(1) Random Number Generating Unit 331 

The random number generating unit 331 generates the
random number R1 that is a 64-bit bit string and outputs the
random number R1 to the communication unit 340 and the mutual
authentication control unit 334.

(2) Encryption Unit 332 

The encryption unit 332 prestores the encryption
algorithm E2 that conforms to DES.

The encryption unit 332 first receives the random
number R2 from the communication unit 340 and reads the
apparatus key Aj from the apparatus key storing unit 310.

The encryption unit 332 then generates the encrypted
random number S2 by applying the encryption algorithm E2 to
the random number R2 using the apparatus key Aj as the key of
the encryption algorithm E2. The encrypted random number S2
can be expressed by Formula 12 given below.

<Formula 12>

S2=E2 (Aj,R2)

The encryption unit 332 finally outputs the encrypted
random number S2 to the communication unit 340.

(3) Decryption Unit 333 

The decryption unit 333 prestores the decryption
algorithm D2.

The relation between the encryption algorithm E2
prestored in the encryption unit 252 and the decryption
algorithm D2 can be expressed by Formula 13 given below.

<Formula 13>

E2=crpt (D2)

The decryption unit 333 first receives the encrypted
random number S1 from the communication unit 340 and reads
the inherent key K'i from the media inherent key storing unit
323.

The decryption unit 333 then generates a random
number R'1 by applying the decryption algorithm D2 to the
encrypted random number S1 using the inherent key K'i as the
key of the decryption algorithm D2. The random number R'1
can be expressed by Formula 14 given below.

<Formula 14>

R'1=D2 (K'i,S1)

=D2 (K'i,E2 (Ki,R1))

The decryption unit 333 finally outputs the random
number R'1 to the mutual authentication control unit 334.

(4) Mutual Authentication Control Unit 334

The mutual authentication control unit 334 receives
the random number R'1 and the random number R1 from the
decryption unit 333 and the random number generating unit
331, respectively.

The mutual authentication control unit 334 then
compares the random number R'1 with the random number R1. If
the random number R'1 matches the random number R1, the
mutual authentication control unit 334 judges that the memory
card 200 placed in the memory card writer 300 is an
authorized device; if not, the mutual authentication control
unit 334 judges that the memory card 200 placed in the memory
card writer 300 is an unauthorized device.

After this judgement, the mutual authentication
control unit 334 outputs an authentication signal to the
control unit 350. The authentication signal shows whether
the memory card 200 placed in the memory card writer 300 is
an authorized device.



1.2.9 Communication Unit 340

The communication unit 340 receives the encrypted
inherent key Ji from the communication unit 270 of the memory
card 200 and outputs the encrypted inherent key Ji to the
media inherent key information storing unit 320.

The communication unit 340 also receives the random
number R1 from the random number generating unit 331 and
outputs the random number R1 to the communication unit 270 of
the memory card 200.

The communication unit 340 further receives the
encrypted random number S1 from the communication unit 270 of
the memory card 200 and outputs the encrypted random number
S1 to the decryption unit 333 of the mutual authentication
unit 330.

The communication unit 340 also reads the encrypted
apparatus key Bj from the apparatus key information storing
unit 312 and outputs the encrypted apparatus key Bj to the
communication unit 270 of the memory card 200.

The communication unit 340 also receives the random
number R2 from the communication unit 270 of the memory card
200 and outputs the random number R2 to the encryption unit
332 of the mutual authentication unit 330.

The communication unit 340 also receives the
encrypted random number S2 from the encryption unit 332 and
outputs the encrypted random number S2 to the communication
unit 270 of the memory card 200.

On receiving a communication termination signal from
the control unit 350, the communication unit 340 terminates
the communication with the communication unit 270 of the
memory card 200.

The communication unit 340 further receives the
encrypted partial contents Fi (where i=1,2,3,...) from the
encryption unit 360 and outputs the encrypted partial
contents Fi to the communication unit 270 of the memory card
200.

1.2.10 Control unit 350

The control unit 350 includes a processor, a ROM for
storing programs, and a RAM for providing a work area. The
control unit 350 receives an authentication signal from the
mutual authentication control unit 334. The authentication
signal shows whether the memory card 200 placed in the memory
card writer 300 is an authorized device.

When the authentication signal shows that the memory
card 200 is an unauthorized device, the control unit 350
outputs a communication termination signal to the
communication unit 340, which then terminates the
communication with the memory card 200.

When the authentication signal shows that the memory
card 200 is an authorized device, the control unit outputs a
download signal to the content download unit 380, which then
downloads contents from the outside.

1.2.11 Content Download Unit 380 

The content download unit 380 receives a download
signal from the control unit 350.

After receiving the download signal from the control
unit 350, the content download unit 380 downloads music data
from the outside via the communication line 10 and outputs
the music data to the content storing unit 370.

It should be noted here that in this embodiment, 
music data is downloaded. However, other contents, such as 
document, image, and movie data, may be downloaded. 

1.2.12 Content Storing Unit 370

The content storing unit 370 includes a semiconductor
memory, receives contents from the content download unit 380,
and holds the contents.

1.2.13 Encryption Unit 360

The encryption unit 360 includes a processor, a ROM
for storing programs, and a RAM for providing a work area.
The encryption unit 360 also prestores the encryption
algorithm E2 that conforms to DES.

The encryption unit 360 first reads a content from
the content storing unit 370 and reads the inherent key K'i
from the media inherent key storing unit 323.

The encryption unit 360 then divides the content read
from the content storing unit 370 into a plurality of partial
contents Ci (i=1,2,3,...), each of which is a 64-bit bit
string, and generates a plurality of encrypted partial
contents Fi (i=1,2,3,...) by applying the encryption
algorithm E2 to each partial content Ci using the inherent
key K'i read from the media inherent key storing unit 323 as
the key of the encryption algorithm E2. The plurality of
encrypted partial contents Fi can be expressed by Formula 15
given below.

<Formula 15>

Fi=E2 (K'i,Ci) (where i=1,2,3,...)

The encryption unit 360 finally outputs the encrypted
partial contents Fi to the communication unit 340.

1.3 Construction of Memory Card Reader 400

Fig. 6 shows the construction of the memory card
reader 400. As shown in this drawing, the memory card reader
400 includes an apparatus key storing unit 410, a conversion
unit 411, an apparatus key information storing unit 412, a
master key storing unit 413, a media inherent key information
storing unit 420, an inversion unit 421, a media inherent key
storing unit 423, a mutual authentication unit 430, a
communication unit 440, a control unit 450, a decryption unit
460, a content storing unit 470, a reproduction unit 480, and
an operation unit 490.

The apparatus key storing unit 410, the conversion
unit 411, the apparatus key information storing unit 412, the
master key storing unit 413, the media inherent key
information storing unit 420, the inversion unit 421, the
media inherent key storing unit 423, the mutual
authentication unit 430, and the communication unit 440 of
the memory card reader 400 are respectively the same as the
apparatus key storing unit 310, the conversion unit 311, the
apparatus key information storing unit 312, the master key
storing unit 313, the media inherent key information storing
unit 320, the inversion unit 321, the media inherent key
storing unit 323, the mutual authentication unit 330, and the
communication unit 340 of the memory card writer 300.
Therefore, the following description omits these elements and
centers on the elements that have the different functions and
perform the different operations.

1.3.1 Control unit 450

The control unit 450 receives an authentication
signal and, when the authentication signal shows that the
memory card 200 placed in the memory card reader 400 is an
authorized device, outputs a decryption signal to the
decryption unit 460, which then decrypts the encrypted
content received from the communication unit 440.

1.3.2 Decryption Unit 460

The decryption unit 460 prestores the decryption
algorithm D2 that conforms to DES, and receives a decryption
signal from the control unit 450.

On receiving a decryption signal from the control
unit 450, the decryption unit 460 receives an encrypted
content from the communication unit 440 and reads the
inherent key K'i from the media inherent key storing unit
423.

The decryption unit 460 then divides the encrypted
content into a plurality of partial encrypted contents Gi
(i=1,2,3,...), each of which is a 64-bit bit string, and
generates a plurality of partial contents Hi (i=1,2,3,...)
by applying the decryption algorithm D2 to each partial
encrypted content Gi using the inherent key K'i read from
the media inherent key storing unit 423 as the key of the
decryption algorithm D2. The generated partial contents Hi
can be expressed by Formula 16 given below.

<Formula 16>

Hi=D2 (K'i,Gi) (where i=1,2,3,...)

The decryption unit 460 finally outputs the generated
partial contents Hi to the content storing unit 470.

1.3.3 Content Storing Unit 470

The content storing unit 470 receives the partial
contents Hi from the decryption unit 460 and holds the
partial contents Hi.



1.3.4 Operation Unit 490 

The operation unit 490 includes a plurality of
buttons for allowing a user to input various instructions.

When the user pushes a button, the operation unit 490
outputs a signal corresponding to the pushed button to the
reproduction unit 480.

1.3.5 Reproduction Unit 480

The reproduction unit 480 receives a signal
corresponding to the button pushed by the user from the
operation unit 490.

After receiving the signal, the reproduction unit 480
reads the music data from the content storing unit 470 and
reproduces the music data.



2. Operation of Digital Content Protection System 100 

The following is a description of the operation of
the digital content protection system 100.

2.1 Operation Outline in the Case Where Memory Card 200 Is
Placed in Memory Card Writer 300

The operation outline in the case where the memory
card 200 is placed in the memory card writer 300 is described
below with reference to the flowchart shown in Fig. 7.

After the memory card 200 is placed in the memory
card writer 300, the memory card writer 300 judges whether
the memory card 200 is an authorized device (step S110).
When the memory card writer 300 judges that the memory card
200 is an unauthorized device (step S111), the memory card
writer 300 does not communicate with the memory card 200 and
terminates the operation.

When the memory card writer 300 judges that the
memory card 200 is an authorized device (step S111), the
memory card 200 judges whether the memory card writer 300 is
an authorized device (step S112). When the memory card 200
judges that the memory card writer 300 is an unauthorized
device (step S113), the memory card 200 does not communicate
with the memory card writer 300 and terminates the
operation.

When the memory card 200 judges that the memory card
writer 300 is an authorized device (step S113), the memory
card writer 300 downloads a content from the outside,
encrypts the downloaded content, and outputs the encrypted
content to the memory card 200 (step S114). The memory card
200 holds the encrypted content (step S115).

2.2 Operation Outline in the Case Where Memory Card 200 Is 
Placed in Memory Card Reader 400 

The operation outline in the case where the memory
card 200 is placed in the memory card reader 400 is described
below with reference to the flowchart shown in Fig. 8.

After the memory card 200 is placed in the memory
card reader 400, the memory card reader 400 judges whether
the memory card 200 is an authorized device (step S120).
When the memory card reader 400 judges that the memory card
200 is an unauthorized device (step S121), the memory card
reader 400 does not communicate with the memory card 200 and
terminates the operation.

When the memory card reader 400 judges that the
memory card 200 is an authorized device (step S121), the
memory card 200 judges whether the memory card reader 400 is
an authorized device (step S122). When the memory card 200
judges that the memory card reader 400 is an unauthorized
device (step S123), the memory card 200 does not communicate
with the memory card reader 400 and terminates the
operation.

When the memory card 200 judges that the memory card
reader 400 is an authorized device (step S123), the memory
card 200 outputs encrypted contents to the memory card reader
400 (step S124). The memory card reader 400 decrypts the
encrypted contents outputted from the memory card 200 (step
S125) and reproduces the decrypted contents (step S126).

2.3 Authentication Operation in the Case Where Memory Card
200 Is Placed in Memory Card Writer 300

The authentication operation in the case where the
memory card 200 is placed in the memory card writer 300 is
described in detail below with reference to Figs. 9 and 10.

The conversion unit 230 generates the encrypted
inherent key E1 (Mk,Ki) by applying the encryption algorithm
E1 to the inherent key Ki using the master key Mk as the key
of the encryption algorithm E1 (step S130). The
communication unit 270 outputs the encrypted inherent key E1
(Mk,Ki) to the inversion unit 321 via the communication unit
340 (step S131). The inversion unit 321 generates the
inherent key K'i=D1 (Mk,E1 (Mk,Ki)) by applying the decryption
algorithm D1 to the encrypted inherent key E1 (Mk,Ki) using
the master key Mk as the key of the decryption algorithm D1
(step S132). The random number generating unit 331 generates
the random number R1 (step S133). The communication unit 340
outputs the generated random number R1 to the encryption unit
252 via the communication unit 270 (step S134). The
encryption unit 252 generates the encrypted random number E2
(Ki,R1) by applying the encryption algorithm E2 to the random
number R1 using the inherent key Ki as the key of the
encryption algorithm E2 (step S135). The communication unit
270 outputs the encrypted random number E2 (Ki,R1) to the
decryption unit 333 via the communication unit 340 (step
S136). The decryption unit 333 generates D2 (K'i,E2 (Ki,R1))
by applying the decryption algorithm D2 to the encrypted
random number E2 (Ki,R1) using the inherent key K'i as the
key of the decryption algorithm D2 (step S137). The mutual
authentication control unit 334 compares the random number R1
with D2 (K'i,E2 (Ki,R1)). If the random number R1 matches D2
(K'i,E2 (Ki,R1)), the mutual authentication control unit 334
judges that the memory card 200 is an authorized device; if
not, the mutual authentication control unit judges that the
memory card 200 is an unauthorized device (step S138).

The conversion unit 311 generates the encrypted apparatus key
E3(Mk,Aj) by applying the encryption algorithm E3 to the
apparatus key Aj using the master key Mk as the key of the
encryption algorithm E3 (step S139). The communication unit
340 outputs the encrypted apparatus key E3(Mk,Aj) to the
inversion unit 222 via the communication unit 270 (step S140).
The inversion unit 222 generates the apparatus key
A'j=D3(Mk,E3(Mk,Aj)) by applying the decryption algorithm D3
to the encrypted apparatus key E3(Mk,Aj) using the master key
Mk as the key of the decryption algorithm D3 (step S141). The
random number generating unit 251 generates the random number
R2 (step S142). The communication unit 270 outputs the
generated random number R2 to the encryption unit 332 via the
communication unit 340 (step S143). The encryption unit 332
generates the encrypted random number E2(Aj,R2) by applying
the encryption algorithm E2 to the random number R2 using the
apparatus key Aj as the key of the encryption algorithm E2
(step S144). The communication unit 340 outputs the encrypted
random number E2(Aj,R2) to the decryption unit 253 via the
communication unit 270 (step S145). The decryption unit 253
generates D2(A'j,E2(Aj,R2)) by applying the decryption
algorithm D2 to the encrypted random number E2(Aj,R2) using
the apparatus key A'j as the key of the decryption algorithm
D2 (step S146). The mutual authentication control unit 254
compares the random number R2 with D2(A'j,E2(Aj,R2)). If the
random number R2 matches D2(A'j,E2(Aj,R2)), the mutual
authentication control unit 254 judges that the memory card
writer 300 is an authorized device; if not, the mutual
authentication control unit 254 judges that the memory card
writer 300 is an unauthorized device (step S147).

2.4 Conclusion 

As described above, a recording medium device, such as a
memory card, that includes an area for holding encrypted
digital contents is connected to an access device, such as a
memory card writer or a memory card reader, that writes
information into or reads information from the area of the
recording medium device. Each of these devices then judges
whether the other device is an authorized device. Contents
are transferred between these devices only if both of these
devices judge that the other device is an authorized device.
With this construction, an authorized device does not
transfer contents to an unauthorized device. This prevents
contents that have been properly downloaded from being used
without a proper authorization. Also, an unauthorized device
cannot transfer contents to an authorized device, which
prevents illegally obtained contents from being reused. As a
result, the digital content protection system of the present
embodiment performs a very secure authentication process
which prevents replay attacks by an unauthorized recording
medium device that imitates the authentication procedure
performed by an authorized access device. Also, the present
digital content protection system prevents an unauthorized
device from circumventing an authorized device to read or to
write contents without proper authorization.

The recording medium device encrypts its inherent key using a
master key and sends the encrypted inherent key to the access
device. The access device generates authentication
information, which is to say a random number, and sends the
authentication information to the recording medium device.
The recording medium device encrypts the authentication
information using the inherent key and sends the encrypted
authentication information to the access device. The access
device decrypts the encrypted inherent key using the master
key, decrypts the encrypted authentication information using
the decrypted inherent key, and judges whether the recording
medium device is an authorized device by comparing the
original authentication information with the decrypted
authentication information. If the original authentication
information matches the decrypted authentication information,
the access device judges that the recording medium device is
an authorized device. This process is also performed when the
recording medium device judges whether the access device is
an authorized device. Therefore, each of these devices can
judge whether the other device is an authorized device.
During the authentication process, three information
transfers, that is, the transfer of encrypted inherent key,
the transfer of authentication information, and the transfer
of encrypted authentication information, are performed
between these devices. These information transfers make it
difficult for an unauthorized device to imitate the
authentication procedure. Also, the present digital content
protection system performs two types of encryptions, that is,
the encryption of the inherent key and the encryption of the
authentication information. These encryptions make it
difficult for an unauthorized device to decrypt the encrypted
information. Furthermore, because the master key is not
transferred between the devices, the leakage of the master
key is prevented.



3. Second Embodiment 

The digital content protection system 100a of the second
embodiment is described below.

3.1 Digital Content Protection System 100a

Fig. 11 is a block diagram showing the construction of the
digital content protection system 100a of the second
embodiment. As shown in this drawing, the digital content
protection system 100a includes a memory card 200a, a media
inherent key information generating device 600, the memory
card writer 300, and the memory card reader 400.

The memory card writer 300 and the memory card reader 400 of
the present system are respectively the same as those of the
digital content protection system 100 and are not described
here.

The memory card 200a is connected to the media inherent key
information generating device 600.

3.1.1 Media Inherent Key Information Generating Device 600 

The media inherent key information generating device 600
includes a master key storing unit 210b, a media inherent key
storing unit 220b, a conversion unit 230b, a media inherent
key information storing unit 240b, and a communication unit
270b.

The master key storing unit 210b, the media inherent key
storing unit 220b, the conversion unit 230b, and the media
inherent key information storing unit 240b are respectively
similar to the master key storing unit 210, the media inherent
key storing unit 220, the conversion unit 230, and the media
inherent key information storing unit 240 of the memory card
200. Therefore, the following description centers on the
different aspects of these elements.

(1) Master Key Storing Unit 210b 

The master key storing unit 210b prestores the master 
key Mk, like the master key storing unit 210. 

(2) Media Inherent Key Storing Unit 220b 

The media inherent key storing unit 220b receives the
inherent key Ki from the communication unit 270b and holds
the inherent key Ki.

(3) Conversion Unit 230b 

The conversion unit 230b, in the same manner as the 
conversion unit 230, generates the encrypted inherent key Ji 
using the inherent key Ki held in the media inherent key 
storing unit 220b and the master key Mk prestored in the 
master key storing unit 210b. The conversion unit 230b then 
outputs the encrypted inherent key Ji to the media inherent 
key information storing unit 240b. 

(4) Media Inherent Key Information Storing Unit 240b

The media inherent key information storing unit 240b receives
the encrypted inherent key Ji from the conversion unit 230b
and holds the encrypted inherent key Ji.

(5) Communication Unit 270b

The communication unit 270b receives the inherent key Ki from
the communication unit 270a of the memory card 200a and
outputs the inherent key Ki to the media inherent key storing
unit 220b.

Also, the communication unit 270b reads the encrypted
inherent key Ji from the media inherent key information
storing unit 240b and outputs the encrypted inherent key Ji
to the communication unit 270a of the memory card 200a.



3.1.2 Memory Card 200a 

As shown in Fig. 11, the memory card 200a includes a master
key storing unit 210, a media inherent key storing unit 220,
a media inherent key information storing unit 240a, an
apparatus key storing unit 221, an inversion unit 222, an
apparatus key information storing unit 223, a mutual
authentication unit 250, an encrypted content storing unit
260, a communication unit 270a, and a control unit 280.

The master key storing unit 210, the media inherent key
storing unit 220, the apparatus key storing unit 221, the
inversion unit 222, the apparatus key information storing
unit 223, the mutual authentication unit 250, the encrypted
content storing unit 260, and the control unit 280 of the
memory card 200a are respectively the same as those of the
memory card 200 and are not described here. Therefore, the
following description centers on the media inherent key
information storing unit 240a and the communication unit 270a
that are different from the media inherent key information
storing unit 240 and the communication unit 270 of the memory
card 200.

(1) Media Inherent Key Information Storing Unit 240a

The media inherent key information storing unit 240a receives
the encrypted inherent key Ji from the communication unit
270a and holds the encrypted inherent key Ji.

(2) Communication Unit 270a

The communication unit 270a reads the inherent key Ki from
the media inherent key storing unit 220 and outputs the
inherent key Ki to the communication unit 270b of the media
inherent key information generating device 600.

Also, the communication unit 270a receives the encrypted
inherent key Ji from the communication unit 270b of the media
inherent key information generating device 600 and outputs
the encrypted inherent key Ji to the media inherent key
information storing unit 240a.

3.1.3 Operation in the Case Where Memory Card 200a Is Placed
in Media Inherent Key Information Generating Device 600

The operation in the case where the memory card 200a is
placed in the media inherent key information generating
device 600 is described below with reference to Fig. 12.

When the memory card 200a is placed in the media inherent key
information generating device 600, the communication unit
270a reads the inherent key Ki from the media inherent key
storing unit 220 and outputs the inherent key Ki to the media
inherent key storing unit 220b via the communication unit
270b of the media inherent key information generating device
600 (step S211). The conversion unit 230b generates the
encrypted inherent key Ji using the inherent key Ki held in
the media inherent key storing unit 220b and the master key
Mk prestored in the master key storing unit 210b, and outputs
the encrypted inherent key Ji to the media inherent key
information storing unit 240b (step S212). The communication
unit 270b reads the encrypted inherent key Ji from the media
inherent key information storing unit 240b and outputs the
encrypted inherent key Ji to the media inherent key
information storing unit 240a via the communication unit 270a
of the memory card 200a (step S213).

3.1.4 Authentication Operation in the Case Where Memory Card
200a Is Placed in Memory Card Writer 300

The authentication operation in the case where the memory
card 200a is placed in the memory card writer 300 is
described in detail below with reference to Fig. 12. The
following description centers on the different steps between
the authentication operations shown in Fig. 9 and Fig. 12.

The authentication operation shown in Fig. 12 
includes steps S201-S206, instead of steps S139-S147 in the 
authentication operation shown in Fig. 9. 

After the random number generating unit 251 generates a
random number R3 (step S201), the communication unit 270a
outputs the generated random number R3 to the encryption unit
332 via the communication unit 340 (step S202). The
encryption unit 332 generates the encrypted random number
E2(Mk,R3) by applying the encryption algorithm E2 to the
random number R3 using the master key Mk as the key of the
encryption algorithm E2 (step S203). The communication unit
340 outputs the encrypted random number E2(Mk,R3) to the
decryption unit 253 via the communication unit 270 (step
S204). The decryption unit 253 generates D2(Mk,E2(Mk,R3)) by
applying the decryption algorithm D2 to the encrypted random
number E2(Mk,R3) using the master key Mk as the key of the
decryption algorithm D2 (step S205). The mutual
authentication control unit 254 compares the random number R3
with D2(Mk,E2(Mk,R3)). If the random number R3 matches
D2(Mk,E2(Mk,R3)), the mutual authentication control unit 254
judges that the memory card writer 300 is an authorized
device; if not, the mutual authentication control unit 254
judges that the memory card writer 300 is an unauthorized
device (step S206).
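
The two authentication procedures described above (Figs. 9 and 10, steps S130-S147, and Fig. 12, steps S201-S206), together with the replay property claimed in section 2.4, as an added example that is not part of the patent text. The cipher is a stand-in Feistel construction built from HMAC-SHA256 in place of E1-E3 and D1-D3; the 8-byte key and block sizes, the class and function names, and the sample keys are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # bytes; assumed block and key size, so that a key fits in one block


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E1, E2 and E3: an 8-round Feistel permutation (not the patent's cipher)."""
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for D1, D2 and D3: the inverse permutation."""
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class Device:
    """One end of the link: the shared master key Mk plus the device's own key
    (inherent key Ki for a memory card, apparatus key Aj for a writer)."""

    def __init__(self, master_key: bytes, own_key: bytes):
        self.mk, self.own = master_key, own_key

    def wrapped_key(self) -> bytes:                    # S130 / S139: E1(Mk,Ki), E3(Mk,Aj)
        return encrypt(self.mk, self.own)

    def respond(self, r: bytes) -> bytes:              # S135 / S144: E2(Ki,R1), E2(Aj,R2)
        return encrypt(self.own, r)

    def respond_with_master(self, r: bytes) -> bytes:  # S203: E2(Mk,R3)
        return encrypt(self.mk, r)


def authenticate(verifier: Device, prover: Device, challenge: bytes = None) -> bool:
    """One direction of Figs. 9 and 10 (S130-S138 or S139-S147)."""
    peer_key = decrypt(verifier.mk, prover.wrapped_key())        # S132 / S141
    r = challenge if challenge is not None else secrets.token_bytes(BLOCK)  # S133 / S142
    response = prover.respond(r)                                 # S135 / S144
    return hmac.compare_digest(decrypt(peer_key, response), r)   # S137-S138 / S146-S147


def authenticate_with_master(card: Device, writer: Device) -> bool:
    """Fig. 12, S201-S206: the card checks the writer with Mk as the E2/D2 key."""
    r3 = secrets.token_bytes(BLOCK)                              # S201
    response = writer.respond_with_master(r3)                    # S203
    return hmac.compare_digest(decrypt(card.mk, response), r3)   # S205-S206


def replay_rejected(verifier: Device, prover: Device) -> bool:
    """A response recorded for one random number fails against a different one."""
    peer_key = decrypt(verifier.mk, prover.wrapped_key())
    recorded = prover.respond(b"\x00" * BLOCK)   # response seen in an earlier session
    fresh = b"\x01" * BLOCK                      # the verifier's new random number
    return not hmac.compare_digest(decrypt(peer_key, recorded), fresh)


# Constructed sample keys (not from the patent).
MK = bytes.fromhex("0123456789abcdef")
KI = bytes.fromhex("1111222233334444")
AJ = bytes.fromhex("aaaabbbbccccdddd")

if __name__ == "__main__":
    card, writer = Device(MK, KI), Device(MK, AJ)
    print("writer accepts card :", authenticate(writer, card))
    print("card accepts writer :", authenticate(card, writer))
    print("second embodiment   :", authenticate_with_master(card, writer))
    clone = Device(bytes(8), KI)                 # device built without the real Mk
    print("writer accepts clone:", authenticate(writer, clone))
    print("replay rejected     :", replay_rejected(writer, card))
```

A device that lacks the real master key fails in either direction, because the verifier unwraps a key that does not match the one used for the response.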

3.1.5 Conclusion 

In the second embodiment, before being distributed or sold to
a user, the memory card 200a is connected to the media
inherent key information generating device 600, the media
inherent key information generating device 600 generates the
encrypted inherent key Ji, and the encrypted inherent key Ji
is written into the memory card 200a.

Accordingly, the memory card 200a does not need to include
the conversion unit 230 that is included in the memory card
200. As a result, the hardware scale of the memory card 200a
is reduced, in comparison with the memory card 200.

When judging whether an access device is an authorized
device, a recording medium device generates authentication
information, which is to say a random number, and transfers
the authentication information to the access device. After
receiving the authentication information, the access device
encrypts the received authentication information using the
master key and transfers the encrypted authentication
information to the recording medium device. The recording
medium device decrypts the encrypted authentication
information using the master key and compares the original
authentication information with the decrypted authentication
information. If the original authentication information
matches the decrypted authentication information, the
recording medium device judges that the access device is an
authorized device. This authentication operation performed by
the digital content protection system 100a is simpler than
that performed by the digital content protection system 100.
Because the master key is not transferred between apparatuses
in the digital content protection system 100a, leakage of the
master key can be prevented.

3.2 Modification of Digital Content Protection System 100

In the digital content protection system 100, the memory card
200, the memory card writer 300, and the memory card reader
400 prestore the same master key, and the master key is used
as the key of a common key encryption algorithm and a common
key decryption algorithm. However, instead of the master key,
the memory card 200 may prestore a public key Kp and each of
the memory card writer 300 and the memory card reader 400 may
prestore a secret key Ks. The public key Kp and the secret
key Ks are obtained under the RSA cryptosystem, which is to
say a type of the public key cryptosystem.

The following description concerns the process where the
public key Kp and the secret key Ks are determined.

Prime numbers p and q are assumed to be decimal numbers
having around 160 digits, a value n is assumed to be the
product of these prime numbers, an integer L is assumed to be
the least common multiple of p-1 and q-1, and values e and d
are assumed to be invertible in a modulo L. That is, the
relation between the values e and d is represented by
e·d=1 (mod L). Also, the public key Kp is assumed to be the
values n and e, and the secret key Ks is assumed to be the
value d. On these assumptions, the conversion unit obtains a
conversion result C by performing M^e (multiplication of an
input M by e times) in the modulo n. Also, the inversion unit
obtains the input M by performing C^d (multiplication of the
conversion result C by d times). Because
C^d=(M^e)^d=M^(ed)=M in the modulo n, the conversion result C
is appropriately inverted into the input M.

The public key Kp is generated by a separated public key
generating apparatus in the manner described above and is
transferred to the memory card 200.

(Authentication Operation in the Case Where Memory Card 200
Is Placed in Memory Card Writer 300)

The authentication operation in the case where the memory
card 200 is placed in the memory card writer 300 is described
in detail below with reference to Fig. 13. Note that the
steps of this modification that are the same as steps of the
above embodiments are assigned the same numbers as in Fig. 10
and are not described here.

The public key generating apparatus reads the secret key Ks
from the memory card writer 300, generates the public key Kp
from the secret key Ks using a public key encryption
algorithm, and sends the generated public key Kp to the
memory card 200. The memory card 200 holds the public key Kp
(step S301).

The conversion unit 230 generates the encrypted inherent key
E4(Kp,Ki) by applying the encryption algorithm E4 to the
inherent key Ki using the public key Kp as the key of the
encryption algorithm E4 (step S302). The communication unit
270 outputs the encrypted inherent key E4(Kp,Ki) to the
inversion unit 321 via the communication unit 340 (step
S303). The inversion unit 321 generates the inherent key
K'i=D4(Ks,E4(Kp,Ki)) by applying the decryption algorithm D4
to the encrypted inherent key E4(Kp,Ki) using the secret key
Ks as the key of the decryption algorithm D4 (step S304).
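
The key relation e·d=1 (mod L) and steps S302-S304, carried through as an added example that is not part of the patent text: textbook RSA exactly as the passage states it, with d computed modulo the least common multiple L. The two primes, e = 65537, the sample inherent key and the function names are assumptions, as is handing n to the inversion unit alongside Ks, which D4 needs.

```python
from math import gcd

# Constructed parameters: two Mersenne primes stand in for the roughly
# 160-digit primes p and q of the text; e = 65537 is an assumed choice.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537


def generate_keys(p: int, q: int, e: int = E):
    """Return (Kp, Ks, L) with Kp = (n, e), Ks = d and e*d = 1 (mod L)."""
    n = p * q
    L = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # least common multiple of p-1 and q-1
    if gcd(e, L) != 1:
        raise ValueError("e has no inverse modulo L")
    d = pow(e, -1, L)                            # modular inverse (Python 3.8+)
    return (n, e), d, L


def convert(kp, m: int) -> int:
    """E4: the conversion result C = M^e in the modulo n (conversion unit 230)."""
    n, e = kp
    if not 0 <= m < n:
        raise ValueError("input must be smaller than n")
    return pow(m, e, n)


def invert(n: int, ks: int, c: int) -> int:
    """D4: recovers M = C^d in the modulo n (inversion unit 321)."""
    return pow(c, ks, n)


def transport_inherent_key(ki: int) -> int:
    """Steps S302-S304: the card sends E4(Kp,Ki); the writer computes K'i."""
    kp, ks, _ = generate_keys(P, Q)
    return invert(kp[0], ks, convert(kp, ki))


KI = 0x0123456789ABCD   # constructed sample inherent key

if __name__ == "__main__":
    kp, ks, L = generate_keys(P, Q)
    phi = (P - 1) * (Q - 1)
    print("(p-1)(q-1) / L =", phi // L)          # L is a proper divisor here
    print("e*d mod L =", kp[1] * ks % L)
    print("K'i == Ki:", transport_inherent_key(KI) == KI)
    # The identity C^d = M holds for every input below n, including multiples of p.
    print("M = p round-trips:", invert(kp[0], ks, convert(kp, P)) == P)
```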

It should be noted here that in this modification, the
encryption algorithm E4 and the decryption algorithm D4 are
based on the RSA cryptosystem. However, the encryption
algorithm E4 and the decryption algorithm D4 may be based on
any cryptosystem.

Because the public key and secret key are generated in the
manner described above, an outsider cannot calculate the
public key e from the secret key d. This is because even if
the outsider knows the secret key d, the outsider needs to
know the modulo L to obtain the public key e from the secret
key d. However, because the modulo L is the least common
multiple of p-1 and q-1, the outsider cannot obtain the
modulo L only from the product of p and q. Therefore, even if
the outsider uncovers the secret key d prestored in the
memory card and the memory card writer, he cannot obtain the
public key e from the secret key d. This makes it difficult
for the outsider to make a counterfeit of the memory card.

3.3 Another Modification of Digital Content Protection System 
100 

In the digital content protection system of the above
modification, a public key Kp and a secret key Ks are
obtained under the RSA cryptosystem. However, in this
modification, a secret key Ks and a public key Kp are
obtained under the message recovery signature scheme over an
elliptic curve, which is a public key cryptosystem. In this
case, the memory card 200 prestores the secret key Ks and
each of the memory card writer 300 and the memory card reader
400 prestores the public key Kp. The public key Kp and the
secret key Ks are determined in the manner described below.

A scalar x is selected as the secret key Ks. The point
"G+G+...+G (addition of G by x times)" over an elliptic curve
is determined as the public key Kp, with the base point on
the elliptic curve being set as G. During the conversion
process, the recovery signature conversion is performed using
the secret key Ks. During the inversion process, the recovery
signature verification conversion is performed using the
public key Kp. The recovery signature method is described in
"A message recovery signature scheme equivalent to DSA over
elliptic curves" (Atsuko Miyaji, Advances in
Cryptology-Proceedings of ASIACRYPT '96, Lecture Notes in
Computer Science, 1163 (1996), Springer-Verlag, 1-14) and is
not described here.

In the digital content protection system of this
modification, a separated public key generating apparatus
generates a public key Kp from a secret key Ks prestored in
the memory card 200 using a public key encryption algorithm,
and sends the generated public key Kp to the memory card
writer 300.

The conversion unit 230 generates the encrypted inherent key
E4(Ks,Ki) by applying the encryption algorithm E4 to the
inherent key Ki using the secret key Ks as the key of the
encryption algorithm E4. The inversion unit 321 generates the
inherent key K'i=D4(Kp,E4(Ks,Ki)) by applying the decryption
algorithm D4 to the encrypted inherent key E4(Ks,Ki) using
the public key Kp as the key of the decryption algorithm D4.

Because the public key Kp and the secret key Ks are generated
in the manner described above, enormous amounts of
calculation need to be performed to obtain the secret key Ks
from the public key Kp. As a result, it is very difficult to
calculate the secret key Ks from the public key Kp. Also, the
overall security level of the digital content service system
can be enhanced by assigning a secret key to the memory card
and assigning a public key to the memory card writer and the
memory card reader. This is because the internal
constructions of the memory card writer and the memory card
reader are generally more likely to be analyzed than that of
the memory card.

It should be noted here that because public key
cryptosystems, such as the elliptic curve cryptosystem,
achieve the system security by utilizing discrete logarithm
problems, public keys can be uncovered from secret keys in
the public key cryptosystems.

3.4 Third Embodiment 

The digital content protection system 100c of the third
embodiment includes a memory card 200c shown in Fig. 14, a
memory card writer 300c shown in Fig. 15, and a memory card
reader 400c shown in Fig. 16.

The memory card 200c is placed in a master key selection
apparatus that is not shown in the drawings. The memory card
writer 300c and the memory card reader 400c are also
connected to the master key selection apparatus.

3.4.1 Master Key Selection Apparatus 

When the memory card 200c is placed in the master key
selection apparatus, the master key selection apparatus is
connected to the memory card 200c via the communication unit
270 of the memory card 200c.

The master key selection apparatus is also connected to the
memory card writer 300c via the communication unit 340 of the
memory card writer 300c and is connected to the memory card
reader 400c via the communication unit 440 of the memory card
reader 400c.

After being connected to the memory card 200c, the memory
card writer 300c, or the memory card reader 400c, the master
key selection apparatus outputs a password to the
communication unit of the connected device.

The outputted password corresponds to one of a plurality of
master keys.

3.4.2 Memory Card 200c 

The memory card 200c differs from the memory card 200 in that
the memory card 200c further includes a master key selection
unit 215. Other elements of the memory card 200c are
respectively the same as those of the memory card 200.
Therefore, the following description centers on the different
aspects of the memory card 200c.

The master key storing unit 210 prestores the plurality of
master keys.

After the memory card 200c is connected to the master key
selection apparatus, the communication unit 270 receives a
password from the master key selection apparatus and outputs
the received password to the master key selection unit 215.

The master key selection unit 215 finds which master key
prestored in the master key storing unit 210 corresponds to
the password and informs the master key storing unit 210 of
the corresponding master key.

The master key storing unit 210 gives a find mark to the
corresponding master key. The find mark shows that the master
key to which the find mark is given corresponds to the
password.

The conversion unit 230 and the inversion unit 222 read the
master key to which the find mark is assigned.

3.4.3 Memory Card Writer 300c and Memory Card Reader 400c 

The memory card writer 300c differs from the memory card
writer 300 in that the memory card writer 300c further
includes a master key selection unit 315. Other elements of
the memory card writer 300c are respectively the same as
those of the memory card writer 300.

The master key storing unit 313 prestores the plurality of
master keys.

The memory card writer 300c performs the same operation as
the memory card 200c. That is, the communication unit 340
receives a password from the master key selection apparatus
and outputs the received password to the master key selection
unit 315. The master key selection unit 315 finds which
master key prestored in the master key storing unit 313
corresponds to the password. The master key storing unit 313
gives a find mark to the corresponding master key. The find
mark shows that the master key to which the find mark is
given corresponds to the password.

The conversion unit 311 and the inversion unit 321 read the
master key to which the find mark is given.

The memory card reader 400c differs from the memory card
reader 400 in that the memory card reader 400c further
includes a master key selection unit 415, and performs the
same operation as the memory card writer 300c.

3.4.4 Conclusion

The digital content protection system 100c of the third
embodiment can be used to protect the contents delivered in a
plurality of service systems. For instance, the plurality of
service systems are a music delivery system that is
cooperatively run by A, B, and C companies and a movie rental
system that is cooperatively run by X, Y, and Z companies.

Each service system is assigned a unique master key. For
instance, the music delivery system is assigned a master key
Mk1 and the movie rental system is assigned a master key Mk2
that is different from the master key Mk1.

It is preferable that the service system to which the digital
content protection system 100c is applied involves a license
organization, manufacturers, and users. The license
organization determines the standards of service systems,
maintains the confidentiality of secret information, such as
the master key, and issues a license to each manufacturer.
Each manufacturer receives a license from the license
organization, produces devices that conform to the standards
determined by the license organization, and delivers the
devices to users. The users use the delivered devices.

It is difficult to define complete security conditions for
preventing the manufacturers from leaking the master key
during the production of devices, such as memory cards,
memory card writers, and memory card readers. Also, it is
relatively easy to analyze the internal constructions of
memory card writers and memory card readers, in comparison
with memory cards.

To minimize the possibility of the leakage of the master key,
to reduce the device production cost including the selection
of the master key, and to slash the maintenance cost of the
service system, the manufacturers select the master keys of
the memory cards and the license organization selects the
master keys of the memory card writers and the memory card
readers.

To do so, three types of master key selection apparatuses are
used. The master key selection apparatuses are a master key
selection apparatus 901 for the memory cards, a master key
selection apparatus 902 for the memory card writers, and a
master key selection apparatus 903 for the memory card
readers. The manufacturers have the master key selection
apparatus 901 and the license organization keeps the master
key selection apparatuses 902 and 903 and does not give them
to the manufacturers.

The manufacturers produce memory cards which each prestore a
plurality of master keys and select one of the plurality of
master keys using the master key selection apparatus 901. On
the other hand, each of the memory card writers and memory
card readers prestores only a master key selected by the
license organization using the master key selection
apparatuses 902 and 903.

Because each of the recording medium device and access device
prestores a plurality of master keys, the present digital
content protection system can be applied to a plurality of
digital content service systems.

Also, because each service system is assigned a unique master
key, even if the master key of a service system is leaked,
other service systems are not affected by the master key
leakage. As a result, the present digital content protection
system achieves a high security effect.

3.5 Fourth Embodiment 

The digital content protection system 100d of the fourth
embodiment includes a memory card 200d, a memory card writer
300d, and a memory card reader 400d. The memory card 200d and
the memory card writer 300d are shown in Fig. 17, while the
memory card reader 400d is not shown in the drawings.

The memory card 200d, the memory card writer 300d, and the
memory card reader 400d are respectively similar to the
memory card 200, the memory card writer 300, and the memory
card reader 400. Therefore, the following description centers
on the different aspects of these elements.

3.5.1 Memory Card 200d

The memory card 200d differs from the memory card 200 in that
the memory card 200d further includes a subgroup key storing
unit 290d and a conversion unit 291d. Also, the conversion
unit 230 of the memory card 200d differs from the conversion
unit 230 of the memory card 200. Other elements of the memory
card 200d are respectively the same as those of the memory
card 200 and are not described here.

(1) Subgroup Key Storing Unit 290d

The subgroup key storing unit 290d prestores a subgroup key
Gjk that is a 56-bit bit string.

When a digital content service system is run by a plurality
of groups, a plurality of subgroup keys whose number is equal
to the number of the groups are generated and each of the
plurality of subgroup keys is assigned to one of the
plurality of groups.

The digital content service system is, for instance, a music
delivery service that is cooperatively run by A, B, and C
companies. In this case, three subgroup keys are generated
and are respectively assigned to the companies.

(2) Conversion Unit 291d

The conversion unit 291d reads a subgroup key Gjk from the
subgroup key storing unit 290d and reads an inherent key Ki
from the media inherent key storing unit 220.

Also, the conversion unit 291d generates a transformed key by
performing a predetermined calculation on the read subgroup
key Gjk and inherent key Ki.

Here, the predetermined calculation is, for instance, the
exclusive disjunction (exclusive OR) expressed by the formula
given below.

(Transformed Key) = (Subgroup Key Gjk) EOR (Inherent Key Ki)
where EOR represents an exclusive disjunction.

The conversion unit 291d outputs the transformed key to the
conversion unit 230.

(3) Conversion Unit 230

In the above examples, the conversion unit 230 reads the
inherent key Ki from the media inherent key storing unit 220
and generates the encrypted inherent key Ji by applying the
encryption algorithm E1 to the inherent key Ki. Instead of
these operations, in this embodiment, the conversion unit 230
receives the transformed key from the conversion unit 291d
and generates the encrypted inherent key Ji by applying the
encryption algorithm E1 to the transformed key.

3.5.2 Memory Card Writer 300d 

The memory card writer 300d differs from the memory
card writer 300 in that the memory card writer 300d further
includes a subgroup key storing unit 390d and an inversion
unit 391d. Also, the inversion unit 321 and the media
inherent key storing unit 323 of the memory card writer 300d
differ from those of the memory card writer 300. Other
elements of the memory card writer 300d are respectively the
same as those of the memory card writer 300 and are not
described here.

(1) Subgroup Key Storing Unit 390d

The subgroup key storing unit 390d prestores a
subgroup key Gjk that is a 56-bit bit string, like the
subgroup key storing unit 290d.

The subgroup key Gjk prestored in the subgroup key
storing unit 390d is the same as that prestored in the
subgroup key storing unit 290d and is not described here.

(2) Inversion Unit 321

In the above examples, the inversion unit 321
generates the inherent key K'i by applying the decryption
algorithm D1 to the encrypted inherent key Ji read from the
media inherent key information storing unit 320, and outputs
the generated inherent key K'i to the media inherent key
storing unit 323. Instead of these operations, in this
embodiment, the inversion unit 321 generates a transformed
key by applying the decryption algorithm D1 to the encrypted
inherent key Ji read from the media inherent key information
storing unit 320, and outputs the transformed key to the
inversion unit 391d.

(3) Inversion Unit 391d

The inversion unit 391d reads a subgroup key Gjk from
the subgroup key storing unit 390d and receives the
transformed key from the inversion unit 321.

The inversion unit 391d then generates the inherent
key K'i by performing an inverse calculation of the
predetermined calculation, which is performed by the
conversion unit 291d, on the subgroup key Gjk and the
transformed key.

The inversion unit 391d finally outputs the inherent
key K'i to the media inherent key storing unit 323.

(4) Media Inherent Key Storing Unit 323

The media inherent key storing unit 323 receives the
inherent key K'i from the inversion unit 391d and holds the
inherent key K'i.

3.5.3 Memory Card Reader 400d 

The memory card reader 400d differs from the memory
card reader 400 in that the memory card reader 400d further
includes a subgroup key storing unit 490d and an inversion
unit 491d. Here, the subgroup key storing unit 490d and the
inversion unit 491d are respectively the same as the subgroup
key storing unit 390d and the inversion unit 391d and are not
described here. The inversion unit 421 and the media
inherent key storing unit 423 of the memory card reader 400d
are respectively the same as the inversion unit 321 and the
media inherent key storing unit 323 of the memory card writer
300d. Furthermore, other elements of the memory card reader
400d are respectively the same as those of the memory card
reader 400.

3.5.4 Operation of Digital Content Protection System 100d

The following description concerns the operation of
the digital content protection system 100d.

The operation outlines in the case where the memory
card 200d is placed in the memory card writer 300d and in the
case where the memory card 200d is placed in the memory card
reader 400d are the same as those performed in the digital
content protection system 100 and are not described here.

The authentication operation in the case where the
memory card 200d is placed in the memory card writer 300d is
described in detail below with reference to Fig. 18. Note
that the following description centers on the different steps
in authentication operation between the present digital
content protection system and the digital content protection
system 100.

In step S150d, the conversion unit 291d reads a
subgroup key Gjk from the subgroup key storing unit 290d,
reads an inherent key Ki from the media inherent key storing
unit 220, and generates a transformed key Hjk by performing
a predetermined calculation on the subgroup key Gjk and
inherent key Ki.

In step S130, the conversion unit 230 generates an
encrypted inherent key E1(Mk,Hjk) by applying the encryption
algorithm E1 to the transformed key Hjk using the master key
Mk as the key of the encryption algorithm E1.

In step S132, the inversion unit 321 generates the
transformed key D1(Mk,E1(Mk,Hjk)) by applying the decryption
algorithm D1 to the encrypted inherent key E1(Mk,Hjk) using
the master key Mk as the key of the decryption algorithm
D1.

In step S151d, the inversion unit 391d reads a
subgroup key Gjk from the subgroup key storing unit 390d,
receives the transformed key D1(Mk,E1(Mk,Hjk)) from the
inversion unit 321, and generates the inherent key K'i by
performing an inverse calculation of the predetermined
calculation, which is performed by the conversion unit 291d,
on the subgroup key Gjk and the transformed key
D1(Mk,E1(Mk,Hjk)).

In the case where the memory card 200d is placed in
the memory card reader 400d, the same authentication
operation is performed. Therefore, the authentication
operation in the case where the memory card 200d is placed in
the memory card reader 400d is not described here.

3.5.5 Conclusion 

When a digital content service system is run by a
plurality of groups, a plurality of subgroup keys whose
number is equal to the number of the plurality of groups are
generated and each of the plurality of subgroup keys is
assigned to one of the plurality of groups. This allows each
group to provide its own service.

The digital content service system is, for instance,
a music delivery system for delivering music that is
cooperatively run by A, B, and C companies. In this case,
three subgroup keys are generated and are respectively
assigned to these companies. Therefore, A, B, and C
companies can provide their own music delivery services.

In many cases, the number of master keys that can be
prestored in a memory card is restricted due to the limited
storage capacity of the memory card. However, the present
digital content protection system can increase the number of
available keys by combining a master key and subgroup keys.

It should be noted here that services that are common
to a plurality of groups can be provided in the present
digital content protection system. To do so, two other
control units are added to the digital content protection
system, the same subgroup key is assigned to each group, and
the master key is assigned to the digital content service
system. One of the added control units prohibits the
conversion unit 291d from performing its conversion
processing and has the conversion unit 230 convert the
inherent key prestored in the media inherent key storing unit
220. The other of the added control units prohibits the
inversion unit 391d from performing its inversion processing
and has the inversion unit 321 invert the encrypted inherent
key held in the media inherent key information storing unit
320.



3.6 Fifth Embodiment 

The digital content protection system 100e of the
fifth embodiment includes a memory card 200e, a memory card
writer 300e, and a memory card reader 400e. The memory card
200e and the memory card writer 300e are shown in Fig. 19,
while the memory card reader 400e is not shown in the
drawings.

The memory card 200e, the memory card writer 300e,
and the memory card reader 400e are respectively similar to
the memory card 200, the memory card writer 300, and the
memory card reader 400. Therefore, the following description
centers on the different aspects of these elements.

3.6.1 Memory Card 200e

The memory card 200e differs from the memory card 200
in that the memory card 200e further includes a subgroup key
storing unit 290e and a conversion unit 291e. Also, the
communication unit 270 of the memory card 200e differs from
that of the memory card 200. Other elements of the memory
card 200e are respectively the same as those of the memory
card 200 and are not described.

(1) Subgroup Key Storing Unit 290e

The subgroup key storing unit 290e prestores a
subgroup key Gjk that is a 56-bit string.

The subgroup key is the same as that prestored in the
subgroup key storing unit 290d and is not described here.

(2) Conversion Unit 291e

The conversion unit 291e first reads the subgroup key
Gjk from the subgroup key storing unit 290e and reads the
encrypted inherent key Ji from the media inherent key
information storing unit 240.

The conversion unit 291e then generates a transformed
key by performing a predetermined calculation on the subgroup
key Gjk and encrypted inherent key Ji.

Here, the predetermined calculation is the same as
that performed by the conversion unit 291d.

The conversion unit 291e finally outputs the
transformed key to the communication unit 270.

(3) Communication Unit 270

In the above examples, the communication unit 270
reads the encrypted inherent key Ji from the media inherent
key information storing unit 240 and outputs the encrypted
inherent key Ji to the communication unit 340 of the memory
card writer 300 or the communication unit 440 of the memory
card reader 400. Instead of these operations, in this
embodiment, the communication unit 270 receives the
transformed key from the conversion unit 291e and outputs the
transformed key to the communication unit 340 of the memory
card writer 300e or the communication unit 440 of the memory
card reader 400e.

3.6.2 Memory Card Writer 300e 

The memory card writer 300e differs from the memory
card writer 300 in that the memory card writer 300e further
includes a subgroup key storing unit 390e and an inversion
unit 391e. Also, the communication unit 340 of the memory
card writer 300e differs from the communication unit 340 of
the memory card writer 300. Other elements of the memory
card writer 300e are respectively the same as those of the
memory card writer 300 and are not described here.

(1) Subgroup Key Storing Unit 390e

The subgroup key storing unit 390e prestores a
subgroup key Gjk that is a 56-bit bit string, like the
subgroup key storing unit 290e.

The subgroup key Gjk prestored in the subgroup key
storing unit 390e is the same as that prestored in the
subgroup key storing unit 290e and is not described here.

(2) Communication Unit 340

In the above examples, the communication unit 340
receives the encrypted inherent key Ji from the communication
unit 270 of the memory card 200 and outputs the encrypted
inherent key Ji to the media inherent key information storing
unit 320. Instead of these operations, in this embodiment,
the communication unit 340 receives the transformed key from
the communication unit 270 of the memory card 200e and
outputs the transformed key to the inversion unit 391e.

(3) Inversion Unit 391e

The inversion unit 391e first reads the subgroup key
Gjk from the subgroup key storing unit 390e and receives the
transformed key from the communication unit 340.

The inversion unit 391e then generates the encrypted
inherent key Ji by performing an inverse calculation of the
predetermined calculation, which is performed by the
conversion unit 291e, on the subgroup key Gjk and the
transformed key.

The inversion unit 391e finally outputs the encrypted
inherent key Ji to the media inherent key information storing
unit 320.

3.6.3 Memory Card Reader 400e

The memory card reader 400e differs from the memory
card reader 400 in that the memory card reader 400e further
includes a subgroup key storing unit 490e and an inversion
unit 491e. The subgroup key storing unit 490e and the
inversion unit 491e are respectively the same as the subgroup
key storing unit 390e and the inversion unit 391e and are not
described here. The communication unit 440 of the memory
card reader 400e is the same as the communication unit 340 of
the memory card writer 300e. Other elements of the memory
card reader 400e are respectively the same as those of the
memory card reader 400.

3.6.4 Operation of Digital Content Protection System 100e

The following is a description of the operation of
the digital content protection system 100e.

The operation outlines in the case where the memory
card 200e is placed in the memory card writer 300e and in the
case where the memory card 200e is placed in the memory card
reader 400e are the same as those performed in the digital
content protection system 100 and are not described here.

The authentication operation in the case where the
memory card 200e is placed in the memory card writer 300e is
described in detail below with reference to Fig. 20. The
following description centers on the different steps in
authentication operation between the present digital content
protection system and the digital content protection system
100.

In step S150e, the conversion unit 291e reads the
subgroup key Gjk from the subgroup key storing unit 290e,
reads the encrypted inherent key Ji from the media inherent
key information storing unit 240, generates the transformed
key by performing the predetermined calculation on the
subgroup key Gjk and encrypted inherent key Ji, and outputs
the transformed key to the communication unit 270.

In step S131, the communication unit 270 receives the
transformed key from the conversion unit 291e and outputs the
transformed key to the communication unit 340 of the memory
card writer 300e. After receiving the transformed key from
the communication unit 270 of the memory card 200e, the
communication unit 340 outputs the transformed key to the
inversion unit 391e.

In step S151e, the inversion unit 391e reads the
subgroup key Gjk from the subgroup key storing unit 390e,
receives the transformed key from the communication unit 340,
and generates the encrypted inherent key Ji by performing an
inverse calculation of the predetermined calculation on the
subgroup key Gjk and transformed key.

In the case where the memory card 200e is placed in
the memory card reader 400e, the same authentication
operation is performed. Therefore, the authentication
operation in the case where the memory card 200e is placed in
the memory card reader 400e is not described here.

3.6.5 Conclusion 

Like the digital content protection system 100d, when
a digital content service system is run by a plurality of
groups, a plurality of subgroup keys whose number is equal to
the number of the plurality of groups are generated and each
of the plurality of subgroup keys is assigned to one of the
plurality of groups. This allows each group to provide its
own service.

In many cases, the number of master keys that can be
prestored in a memory card is restricted due to the limited
storage capacity of the memory card. However, the present
digital content protection system can increase the number of
available keys by combining a master key and subgroup keys.

It should be noted here that services that are common 
to a plurality of groups can be provided in the present 
digital content protection system. To do so, two other 
control units are added to the digital content protection 
system, the same subgroup key is assigned to each group, and 
the master key is assigned to the digital content service 
system. One of the added control units prohibits the 
conversion unit 291e from performing its conversion 
processing and has the conversion unit 230 convert the 
inherent key prestored in the media inherent key storing unit 
220. The other of the added control units prohibits the 
inversion unit 391e from performing its inversion processing 
and has the inversion unit 321 invert the encrypted inherent 
key held in the media inherent key information storing unit 
320. 

3.7 Sixth Embodiment

The digital content protection system 100f of the
sixth embodiment includes a memory card 200f, a memory card
writer 300f, and a memory card reader 400f. The memory card
200f and the memory card writer 300f are shown in Fig. 21,
while the memory card reader 400f is not shown in the
drawings.

The memory card 200f, the memory card writer 300f,
and the memory card reader 400f are respectively similar to
the memory card 200, the memory card writer 300, and the
memory card reader 400. Therefore, the following description
centers on the different aspects of these elements.

3.7.1 Memory Card 200f

The memory card 200f differs from the memory card 200
in that the memory card 200f further includes a subgroup key
storing unit 290f and a conversion unit 291f. Also, the
conversion unit 230 of the memory card 200f differs from the
conversion unit 230 of the memory card 200. Other elements
of the memory card 200f are respectively the same as those of
the memory card 200 and are not described here.

(1) Subgroup Key Storing Unit 290f

The subgroup key storing unit 290f prestores a
subgroup key Gjk that is a 56-bit bit string.

The subgroup key prestored in the subgroup key
storing unit 290f is the same as that prestored in the
subgroup key storing unit 290d and is not described here.

(2) Conversion Unit 291f

The conversion unit 291f first reads the subgroup key
Gjk from the subgroup key storing unit 290f and reads the
master key Mk from the master key storing unit 210.

The conversion unit 291f then generates a transformed
key by performing a predetermined calculation on the subgroup
key Gjk and master key Mk.

Here, the predetermined calculation is the same as
that performed by the conversion unit 291d.

The conversion unit 291f finally outputs the
transformed key to the conversion unit 230.

(3) Conversion Unit 230

In the above examples, the conversion unit 230 reads
the master key Mk from the master key storing unit 210 and
generates the encrypted inherent key Ji by applying the
encryption algorithm E1 to the inherent key Ki using the
master key Mk as the key of the encryption algorithm E1.
Instead of these operations, in this embodiment, the
conversion unit 230 receives the transformed key from the
conversion unit 291f and generates the encrypted inherent key
Ji by applying the encryption algorithm E1 to the inherent
key Ki using the transformed key as the key of the encryption
algorithm E1.

3.7.2 Memory Card Writer 300f

The memory card writer 300f differs from the memory
card writer 300 in that the memory card writer 300f further
includes a subgroup key storing unit 390f and an inversion
unit 391f. Also, the inversion unit 321 of the memory card
writer 300f differs from the inversion unit 321 of the memory
card writer 300. Other elements of the memory card writer
300f are respectively the same as those of the memory card
writer 300 and are not described here.

(1) Subgroup Key Storing Unit 390f

The subgroup key storing unit 390f prestores a
subgroup key Gjk that is a 56-bit bit string, like the
subgroup key storing unit 290f.

The subgroup key prestored in the subgroup key
storing unit 390f is the same as that prestored in the
subgroup key storing unit 290f and is not described here.

(2) Inversion Unit 391f

The inversion unit 391f first reads the subgroup key
Gjk from the subgroup key storing unit 390f and reads the
master key Mk from the master key storing unit 313.

The inversion unit 391f then generates a transformed
key by performing a predetermined calculation on the subgroup
key Gjk and the master key Mk.

Here, the predetermined calculation is the same as
that performed by the conversion unit 291d.

The inversion unit 391f finally outputs the
transformed key to the inversion unit 321.

(3) Inversion Unit 321

In the above embodiments, the inversion unit 321 reads
the master key Mk from the master key storing unit 313 and
generates the inherent key K'i by applying the decryption
algorithm D1 to the encrypted inherent key Ji using the
master key Mk as the key of the decryption algorithm D1.
Instead of these operations, in this embodiment, the
inversion unit 321 receives the transformed key from the
inversion unit 391f and generates the inherent key K'i by
applying the decryption algorithm D1 to the encrypted
inherent key Ji using the transformed key as the key of the
decryption algorithm D1.

3.7.3 Memory Card Reader 400f

The memory card reader 400f differs from the memory
card reader 400 in that the memory card reader 400f further
includes a subgroup key storing unit 490f and an inversion
unit 491f. The subgroup key storing unit 490f and the
inversion unit 491f are respectively the same as the subgroup
key storing unit 390f and the inversion unit 391f and are not
described here. The inversion unit 421 of the memory card
reader 400f is the same as the inversion unit 321 of the
memory card writer 300f. Other elements of the memory card
reader 400f are respectively the same as those of the memory
card reader 400.

3.7.4 Operation of Digital Content Protection System 100f

The following is a description of the operation of
the digital content protection system 100f.

The operation outlines in the case where the memory
card 200f is placed in the memory card writer 300f and in the
case where the memory card 200f is placed in the memory card
reader 400f are the same as those performed in the digital
content protection system 100 and are not described here.

The authentication operation in the case where the
memory card 200f is placed in the memory card writer 300f is
described in detail below with reference to Fig. 22. The
following description centers on the different steps in
authentication operation between the present digital content
protection system and the digital content protection system
100.

In step S150f, the conversion unit 291f reads the
subgroup key Gjk from the subgroup key storing unit 290f,
reads the master key Mk from the master key storing unit 210,
generates the transformed key Mk' by performing the
predetermined calculation on the subgroup key Gjk and master
key Mk, and outputs the transformed key Mk' to the conversion
unit 230.

In step S130, the conversion unit 230 generates the
encrypted inherent key E1(Mk',Ki) by applying the encryption
algorithm E1 to the inherent key Ki using the transformed key
Mk' as the key of the encryption algorithm E1.

In step S151f, the inversion unit 391f reads the
subgroup key Gjk from the subgroup key storing unit 390f,
reads the master key Mk from the master key storing unit 313,
generates the transformed key Mk' by performing the
predetermined calculation on the subgroup key Gjk and master
key Mk, and outputs the transformed key Mk' to the inversion
unit 321.

In step S132, the inversion unit 321 generates the
inherent key K'i=D1(Mk',E1(Mk',Ki)) by applying the
decryption algorithm D1 to the encrypted inherent key
E1(Mk',Ki) using the transformed key as the key of the
decryption algorithm D1.

In the case where the memory card 200f is placed in
the memory card reader 400f, the same authentication
operation is performed. Therefore, the authentication
operation in the case where the memory card 200f is placed in
the memory card reader 400f is not described here.
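
The authentication steps of the fourth, fifth and sixth embodiments differ only in where the subgroup key Gjk is mixed in: into the inherent key Ki before E1, into the encrypted inherent key Ji after E1, or into the master key Mk. The following Python traces all three side by side; it is an added example and not part of the patent text. E1/D1 are replaced by a stand-in Feistel cipher built on SHA-256, every key and block is assumed to be 56 bits wide, and all key values are constructed.

```python
"""Added example: subgroup-key mixing in the fourth, fifth and sixth embodiments.

E1/D1 are a stand-in Feistel cipher (an assumption, not the patent's
algorithm). All keys and blocks are assumed to be 56 bits wide.
"""
import hashlib

BITS = 56                      # width the page gives for the subgroup key Gjk
HALF = BITS // 2
HALF_MASK = (1 << HALF) - 1
ROUNDS = 8


def _round(key, rnd, half):
    """Keyed round function of the stand-in cipher."""
    data = key.to_bytes(7, "big") + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") & HALF_MASK


def E1(key, block):
    """Stand-in for encryption algorithm E1 (56-bit key, 56-bit block)."""
    left, right = block >> HALF, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << HALF) | right


def D1(key, block):
    """Stand-in for decryption algorithm D1, the inverse of E1."""
    left, right = block >> HALF, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF) | right


def eor(gjk, value):
    """The 'predetermined calculation' (exclusive OR); it is its own inverse."""
    return gjk ^ value


def fourth_embodiment(card, device, ki):
    """Gjk is mixed into Ki before E1. card and device are (Mk, Gjk) pairs."""
    (mk_c, g_c), (mk_d, g_d) = card, device
    hjk = eor(g_c, ki)                 # S150d: conversion unit 291d
    ji = E1(mk_c, hjk)                 # S130:  conversion unit 230
    recovered = D1(mk_d, ji)           # S132:  inversion unit 321
    return eor(g_d, recovered)         # S151d: inversion unit 391d gives K'i


def fifth_embodiment(card, device, ki):
    """Gjk masks the stored Ji on its way to the access device."""
    (mk_c, g_c), (mk_d, g_d) = card, device
    ji = E1(mk_c, ki)                  # Ji as held in storing unit 240
    sent = eor(g_c, ji)                # S150e, then S131 carries it across
    ji_dev = eor(g_d, sent)            # S151e: inversion unit 391e
    return D1(mk_d, ji_dev)            # inversion unit 321 as in system 100


def sixth_embodiment(card, device, ki):
    """Gjk is mixed into the master key, giving a per-group key Mk'."""
    (mk_c, g_c), (mk_d, g_d) = card, device
    ji = E1(eor(g_c, mk_c), ki)        # S150f and S130
    return D1(eor(g_d, mk_d), ji)      # S151f and S132 give K'i


def effective_master_keys(mk, subgroup_keys):
    """One stored Mk yields one transformed key Mk' per group."""
    return {name: eor(g, mk) for name, g in subgroup_keys.items()}


# Constructed sample values (not taken from the patent).
MK = 0x0123456789ABCD
KI = 0x5566778899AABB
GROUPS = {"A": 0x00A1A2A3A4A5A6, "B": 0x00B1B2B3B4B5B6, "C": 0x00C1C2C3C4C5C6}

if __name__ == "__main__":
    card = (MK, GROUPS["A"])
    for scheme in (fourth_embodiment, fifth_embodiment, sixth_embodiment):
        same = scheme(card, (MK, GROUPS["A"]), KI) == KI
        other = scheme(card, (MK, GROUPS["B"]), KI) == KI
        print(f"{scheme.__name__}: same group -> {same}, other group -> {other}")
```

An access device holding a different group's subgroup key still completes every step, but the value it obtains as K'i differs from Ki.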

3.7.5 Conclusion 
Like the digital content protection system 100d, when
a digital content service system is run by a plurality of
groups, a plurality of subgroup keys whose number is equal to
the number of the plurality of groups are generated and each
of the plurality of subgroup keys is assigned to one of the
plurality of groups. This allows each group to provide its
own service.

In many cases, the number of master keys that can be
prestored in a memory card is restricted due to the limited
storage capacity of the memory card. However, the present
digital content protection system can increase the number of
available keys by combining a master key and subgroup keys.

It should be noted here that services that are common
to a plurality of groups can be provided in the present
digital content protection system. To do so, two other
control units are added to the digital content protection
system, the same subgroup key is assigned to each group, and
the master key is assigned to the digital content service
system. One of the added control units prohibits the
conversion unit 291f from performing its conversion
processing and has the conversion unit 230 convert the
inherent key prestored in the media inherent key storing unit
220. The other of the added control units prohibits the
inversion unit 391f from performing its inversion processing
and has the inversion unit 321 invert the encrypted inherent
key held in the media inherent key information storing unit
320.

Also, in the digital content protection system 100f,
the same master key is prestored in the master key storing
units 210 and 313. However, a public key method may be used
in the manner described below.

In the digital content protection system 100f using
the public key method, the master key storing unit 210 of the
memory card 200f prestores a secret key that is the master
key. The memory card 200f further includes a public key
generating unit that generates a public key from the
transformed key generated by the conversion unit 291f and the
public key is sent to the memory card writer 300f in advance.
In the memory card writer 300f, the encryption unit 360
encrypts contents using the public key.

3.8 Seventh Embodiment 

The digital content protection system 100g of this
embodiment includes a memory card 200g, a memory card writer
300g, and a memory card reader 400g. The memory card 200g
and the memory card writer 300g are shown in Fig. 23, while
the memory card reader 400g is not shown in the drawings.

The memory card 200g, the memory card writer 300g,
and the memory card reader 400g are respectively similar to
the memory card 200, the memory card writer 300, and the
memory card reader 400. Therefore, the following description
centers on the different aspects of these elements.

3.8.1 Memory Card 200g

The memory card 200g differs from the memory card 200
in that the memory card 200g further includes a subgroup key
storing unit 290g and a conversion unit 291g. Also, the
encryption unit 252 of the memory card 200g differs from that
of the memory card 200. Other elements of the memory card
200g are respectively the same as those of the memory card
200.

(1) Subgroup Key Storing Unit 290g

The subgroup key storing unit 290g prestores a
subgroup key Gjk that is a 56-bit bit string.

The subgroup key prestored in the subgroup key
storing unit 290g is the same as that prestored in the
subgroup key storing unit 290d and is not described here.

(2) Conversion Unit 291g

The conversion unit 291g first reads the subgroup key
Gjk from the subgroup key storing unit 290g and reads the
inherent key Ki from the media inherent key storing unit
220.

The conversion unit 291g then generates a transformed
key by performing a predetermined calculation on the subgroup
key Gjk and the inherent key Ki.

Here, the predetermined calculation is the same as
that performed by the conversion unit 291d.

The conversion unit 291g finally outputs the
transformed key to the encryption unit 252 of the mutual
authentication unit 250.

(3) Encryption Unit 252

In the above examples, the encryption unit 252 reads
the inherent key Ki from the media inherent key storing unit
220 and generates the encrypted random number S1 by applying
the encryption algorithm E2 to the random number R1 using the
inherent key Ki as the key of the encryption algorithm E2.
Instead of these operations, in this embodiment, the
encryption unit 252 receives the transformed key from the
conversion unit 291g and generates the encrypted random
number S1 by applying the encryption algorithm E2 to the
random number R1 using the transformed key as the key of the
encryption algorithm E2.



3.8.2 Memory Card Writer 300g

The memory card writer 300g differs from the memory
card writer 300 in that the memory card writer 300g further
includes a subgroup key storing unit 390g and an inversion
unit 391g. Also, the decryption unit 333 of the memory card
writer 300g differs from that of the memory card writer 300.
Other elements of the memory card writer 300g are
respectively the same as those of the memory card writer
300.

(1) Subgroup Key Storing Unit 390g

The subgroup key storing unit 390g prestores a
subgroup key Gjk that is a 56-bit bit string, like the
subgroup key storing unit 290g.

The subgroup key prestored in the subgroup key
storing unit 390g is the same as that prestored in the
subgroup key storing unit 290g and is not described here.

(2) Inversion Unit 391g

The inversion unit 391g first reads the subgroup key
Gjk from the subgroup key storing unit 390g and reads the
inherent key K'i from the media inherent key storing unit
323.

The inversion unit 391g then generates a transformed
key by performing a predetermined calculation on the subgroup
key Gjk and the inherent key K'i.

Here, the predetermined calculation is the same as
that performed by the conversion unit 291d.

The inversion unit 391g finally outputs the
transformed key to the decryption unit 333.

(3) Decryption Unit 333

In the above examples, the decryption unit 333 reads
the inherent key K'i from the media inherent key storing unit
323 and generates the random number R'1 by applying the
decryption algorithm D2 to the encrypted random number S1
using the inherent key K'i as the key of the decryption
algorithm D2. Instead of these operations, in this
embodiment, the decryption unit 333 receives the transformed
key from the inversion unit 391g and generates the random
number R'1 by applying the decryption algorithm D2 to the
encrypted random number S1 using the transformed key as the
key of the decryption algorithm D2.

3.8.3 Memory Card Reader 400g

The memory card reader 400g differs from the memory card
reader 400 in that the memory card reader 400g further
includes a subgroup key storing unit 490g and an inversion
unit 491g. The subgroup key storing unit 490g and the
inversion unit 491g are respectively the same as the
subgroup key storing unit 390g and the inversion unit 391g
and are not described here. The decryption unit 433 of the
memory card reader 400g is the same as the decryption unit
333 of the memory card writer 300g. Other elements of the
memory card reader 400g are respectively the same as those
of the memory card reader 400.

3.8.4 Operation of Digital Content Protection System 100g

The following is a description of the operation of the
digital content protection system 100g.

The operation outlines in the case where the memory card
200g is placed in the memory card writer 300g and in the
case where the memory card 200g is placed in the memory card
reader 400g are the same as those performed in the digital
content protection system 100 and are not described here.

The authentication operation in the case where the memory
card 200g is placed in the memory card writer 300g is
described in detail below with reference to Fig. 24. The
following description centers on the steps of the
authentication operation that differ between the present
digital content protection system and the digital content
protection system 100.

In step S150g, the conversion unit 291g reads the subgroup
key Gjk from the subgroup key storing unit 290g, reads the
inherent key Ki from the media inherent key storing unit
220, generates the transformed key by performing the
predetermined calculation on the subgroup key Gjk and the
inherent key Ki, and outputs the transformed key to the
encryption unit 252 of the mutual authentication unit 250.

In step S135, the encryption unit 252 receives the
transformed key from the conversion unit 291g and generates
the encrypted random number S1 by applying the encryption
algorithm E2 to the random number R1 using the transformed
key as the key of the encryption algorithm E2.

In step S151g, the inversion unit 391g reads the subgroup
key Gjk from the subgroup key storing unit 390g, reads the
inherent key K'i from the media inherent key storing unit
323, generates the transformed key by performing the
predetermined calculation on the subgroup key Gjk and the
inherent key K'i, and outputs the transformed key to the
decryption unit 333.

In step S137, the decryption unit 333 receives the
transformed key from the inversion unit 391g and generates
the random number R'1 by applying the decryption algorithm
D2 to the encrypted random number S1 using the transformed
key as the key of the decryption algorithm D2.

In the case where the memory card 200g is placed in the
memory card reader 400g, the same authentication operation
is performed. Therefore, the authentication operation in the
case where the memory card 200g is placed in the memory card
reader 400g is not described here.

3.8.5 Conclusion

Like the digital content protection system 100d, when a
digital content service system is run by a plurality of
groups, a plurality of subgroup keys whose number is equal
to the number of the plurality of groups are generated and
each of the plurality of subgroup keys is assigned to one of
the plurality of groups. This allows each group to provide
its own service.

In many cases, the number of master keys that can be
prestored in a memory card is restricted due to the limited
storage capacity of the memory card. However, the present
digital content protection system can increase the number of
available keys by combining a master key and subgroup keys.

It should be noted here that services that are common to a
plurality of groups can be provided in the present digital
content protection system. To do so, two other control units
are added to the digital content protection system, the same
subgroup key is assigned to each group, and the master key
is assigned to the digital content service system. One of
the added control units prohibits the conversion unit 291g
from performing its conversion processing and has the
conversion unit 230 convert the inherent key prestored in
the media inherent key storing unit 220. The other of the
added control units prohibits the inversion unit 391g from
performing its inversion processing and has the inversion
unit 321 invert the encrypted inherent key held in the media
inherent key information storing unit 320.

3.9 Eighth Embodiment

The digital content protection system 100h of this
embodiment includes the memory card 200, a memory card
writer 300h, and a memory card reader 400h. These elements
are shown in Figs. 25 and 26.

The memory card 200 of this system is the same as that of
the digital content protection system 100 and is not
described here. The memory card writer 300h and the memory
card reader 400h are respectively similar to the memory card
writer 300 and the memory card reader 400. Therefore, the
following description centers on the different aspects of
these elements.

3.9.1 Memory Card Writer 300h

The memory card writer 300h differs from the memory card
writer 300 in that the memory card writer 300h further
includes a conversion unit 392 and a user key input unit
393. Also, the encryption unit 360 of the memory card writer
300h differs from the encryption unit 360 of the memory card
writer 300. Other elements of the memory card writer 300h
are respectively the same as those of the memory card writer
300.

(1) User Key Input Unit 393

The user key input unit 393 includes an input device such as
a keyboard and receives a user key from a user. The user key
means a password that is determined by each user, is known
only by the user, and is inherent in the user. Also, the
user key is a combination of letters, numbers, and symbols.

After receiving the user key, the user key input unit 393
outputs the user key to the conversion unit 392.

(2) Conversion Unit 392

The conversion unit 392 first reads the inherent key K'i
from the media inherent key storing unit 323 and receives
the user key from the user key input unit 393.

The conversion unit 392 then generates a transformed key by
performing a predetermined calculation on the inherent key
K'i and the user key. Here, the predetermined calculation is
an exclusive disjunction (exclusive OR).

The conversion unit 392 finally outputs the transformed key
to the encryption unit 360.

(3) Encryption Unit 360

In the above examples, the encryption unit 360 reads the
inherent key K'i from the media inherent key storing unit
323, divides the content read from the content storing unit
370 into a plurality of partial contents Ci (i=1, 2, 3, ...),
each of which is a 64-bit bit string, and generates a
plurality of encrypted partial contents Fi (i=1, 2, 3, ...)
by applying the encryption algorithm E2 to each partial
content Ci using the inherent key K'i as the key of the
encryption algorithm E2. Instead of these operations, in
this embodiment, the encryption unit 360 receives the
transformed key from the conversion unit 392, divides the
content read from the content storing unit 370 into a
plurality of partial contents Ci (i=1, 2, 3, ...), each of
which is a 64-bit bit string, and generates a plurality of
encrypted partial contents Fi (i=1, 2, 3, ...) by applying
the encryption algorithm E2 to each partial content Ci using
the transformed key as the key of the encryption algorithm
E2.

3.9.2 Memory Card Reader 400h

The memory card reader 400h differs from the memory card
reader 400 in that the memory card reader 400h further
includes a conversion unit 492 and a user key input unit
493. Also, the decryption unit 460 of the memory card reader
400h differs from that of the memory card reader 400. Other
elements of the memory card reader 400h are respectively the
same as those of the memory card reader 400.

(1) User Key Input Unit 493

The user key input unit 493 receives a user key from a user
and outputs the user key to the conversion unit 492, like
the user key input unit 393.

(2) Conversion Unit 492

The conversion unit 492 first reads the inherent key K'i
from the media inherent key storing unit 423 and receives
the user key from the user key input unit 493.

The conversion unit 492 then generates a transformed key by
performing a predetermined calculation on the inherent key
K'i and the user key. Here, the predetermined calculation is
an exclusive disjunction.

The conversion unit 492 finally outputs the transformed key
to the decryption unit 460.

(3) Decryption Unit 460

In the above examples, the decryption unit 460 reads the
inherent key K'i from the media inherent key storing unit
423, divides the encrypted content read from the content
storing unit 470 into a plurality of encrypted partial
contents Gi (i=1, 2, 3, ...), each of which is a 64-bit bit
string, and generates a plurality of partial contents Hi
(i=1, 2, 3, ...) by applying the decryption algorithm D2 to
each encrypted partial content Gi using the inherent key K'i
as the key of the decryption algorithm D2. Instead of these
operations, in this embodiment, the decryption unit 460
receives the transformed key from the conversion unit 492,
divides the encrypted content read from the content storing
unit 470 into a plurality of encrypted partial contents Gi
(i=1, 2, 3, ...), each of which is a 64-bit bit string, and
generates a plurality of partial contents Hi (i=1, 2, 3,
...) by applying the decryption algorithm D2 to each
encrypted partial content Gi using the transformed key as
the key of the decryption algorithm D2.

3.9.3 Operation of Digital Content Protection System 100h

The following is a description of the operation of the
digital content protection system 100h.

The authentication operations in the case where the memory
card 200 is placed in the memory card writer 300h and in the
case where the memory card 200 is placed in the memory card
reader 400h are the same as those performed in the digital
content protection system 100 and are not described here.

The following description concerns the operation outlines in
the case where the memory card 200 is placed in the memory
card writer 300h and in the case where the memory card 200
is placed in the memory card reader 400h.

(1) Operation Outline in the Case Where Memory Card 200 Is
Placed in Memory Card Writer 300h

When the memory card 200 is placed in the memory card writer
300h, the operation in the flowchart shown in Fig. 7 is also
performed. However, a different operation is performed in
step S114 in the digital content protection system 100h and
is described below with reference to the flowchart shown in
Fig. 27.

The user key input unit 393 receives a user key from a user
and outputs the user key to the conversion unit 392 (step
S100h). The conversion unit 392 reads the inherent key K'i
from the media inherent key storing unit 323, receives the
user key from the user key input unit 393, generates a
transformed key by performing the predetermined calculation
on the inherent key K'i and the user key, and outputs the
transformed key to the encryption unit 360 (step S101h). The
encryption unit 360 receives the transformed key from the
conversion unit 392, divides the content read from the
content storing unit 370 into a plurality of partial
contents Ci (i=1, 2, 3, ...), each of which is a 64-bit bit
string, generates a plurality of encrypted partial contents
Fi (i=1, 2, 3, ...) by applying the encryption algorithm E2
to each partial content Ci using the transformed key as the
key of the encryption algorithm E2, and outputs the
plurality of encrypted partial contents Fi to the
communication unit 340 (step S102h). The communication unit
340 outputs the plurality of encrypted partial contents Fi
to the communication unit 270 of the memory card 200 (step
S103h).

(2) Operation Outline in the Case Where Memory Card 200 Is
Placed in Memory Card Reader 400h

When the memory card 200 is placed in the memory card reader
400h, the operation in the flowchart shown in Fig. 8 is also
performed. However, a different operation is performed in
step S125 in the digital content protection system 100h and
is described below with reference to the flowchart shown in
Fig. 28.

The user key input unit 493 receives a user key from a user
and outputs the user key to the conversion unit 492 (step
S111h). The conversion unit 492 reads the inherent key K'i
from the media inherent key storing unit 423, receives the
user key from the user key input unit 493, generates a
transformed key by performing the predetermined calculation
on the inherent key K'i and the user key, and outputs the
transformed key to the decryption unit 460 (step S112h). The
decryption unit 460 receives the transformed key from the
conversion unit 492, divides the encrypted content read from
the content storing unit 470 into a plurality of encrypted
partial contents Gi (i=1, 2, 3, ...), each of which is a
64-bit bit string, and generates a plurality of partial
contents Hi (i=1, 2, 3, ...) by applying the decryption
algorithm D2 to each encrypted partial content Gi using the
transformed key as the key of the decryption algorithm D2
(step S113h).

3.9.5 Conclusion

The users can encrypt contents and decrypt the encrypted
contents using user keys set by themselves. Therefore, the
digital content protection system of this embodiment
protects contents owned by the users. That is, the present
digital content protection system prevents such contents
from being decoded by others.



3.10 Ninth Embodiment

The digital content protection system 100i of this
embodiment includes a memory card 200i, a memory card writer
300i, and a memory card reader 400i. These elements are
shown in Figs. 29 and 30.

The memory card 200i, the memory card writer 300i, and the
memory card reader 400i are respectively similar to the
memory card 200, the memory card writer 300, and the memory
card reader 400 of the digital content protection system
100. Therefore, the following description centers on the
different aspects of these elements.

3.10.1 Memory Card Writer 300i

The memory card writer 300i differs from the memory card
writer 300 in that the memory card writer 300i further
includes an encryption unit 365 and a file key generating
unit 366. Also, the control unit 350, the content download
unit 380, the content storing unit 370, the encryption unit
360, and the communication unit 340 of the memory card
writer 300i differ from those of the memory card writer 300.
Other elements of the memory card writer 300i are
respectively the same as those of the memory card writer 300
and are not described here.

(1) Control Unit 350

The control unit 350 outputs a download signal to the
content download unit 380 and outputs a generation signal to
the file key generating unit 366. The download signal
instructs the content download unit 380 to download a
content from the outside as a file. The generation signal
instructs the file key generating unit 366 to generate a
file key for each file of the downloaded contents.

(2) Content Download Unit 380

The content download unit 380 downloads a content as a file.
Here, the file means a collection of data under a certain
rule. When the downloaded contents are music data, for
instance, one file is generated for a piece of music.

(3) Content Storing Unit 370

The content storing unit 370 holds the downloaded content as
a file.

(4) File Key Generating Unit 366

The file key generating unit 366, on receiving the
generation signal from the control unit 350, generates a
56-bit file key at random for a file. The file key
generating unit 366 then outputs the file key to the
encryption units 365 and 360.

It should be noted here that in this embodiment, file keys
are generated at random. However, the file key generating
unit 366 may receive file keys from a user.

(5) Encryption Unit 365

The encryption unit 365 prestores an encryption algorithm E5
that conforms to DES.

The encryption unit 365 first reads the inherent key K'i
from the media inherent key storing unit 323 and receives a
file key from the file key generating unit 366.

The encryption unit 365 then generates an encrypted file key
by applying the encryption algorithm E5 to the file key
using the inherent key K'i as the key of the encryption
algorithm E5.

The encryption unit 365 finally outputs the encrypted file
key to the communication unit 340.

(6) Encryption Unit 360

In the above embodiments, the encryption unit 360 reads the
inherent key K'i from the media inherent key storing unit
323, divides the content read from the content storing unit
370 into a plurality of partial contents Ci (i=1, 2, 3, ...),
each of which is a 64-bit bit string, and generates a
plurality of encrypted partial contents Fi (i=1, 2, 3, ...)
by applying the encryption algorithm E2 to each partial
content Ci using the inherent key K'i as the key of the
encryption algorithm E2. Instead of these operations, in
this embodiment, the encryption unit 360 reads a content of
a file, receives a file key from the file key generating
unit 366, divides the read content into a plurality of
partial contents Ci (i=1, 2, 3, ...), each of which is a
64-bit bit string, and generates a plurality of encrypted
partial contents Fi (i=1, 2, 3, ...) by applying the
encryption algorithm E2 to each partial content Ci using the
file key as the key of the encryption algorithm E2.

(7) Communication Unit 340

The communication unit 340 receives the encrypted file key
from the encryption unit 365 and outputs the encrypted file
key to the communication unit 270.

3.10.2 Memory Card 200i

The communication unit 270 and the encrypted content storing
unit 260 of the memory card 200i differ from those of the
memory card 200. Therefore, these elements are described
below.

(1) Communication Unit 270

The communication unit 270 receives the encrypted file key
from the communication unit 340 and outputs the encrypted
file key to the encrypted content storing unit 260 (the
encrypted file key outputted to the encrypted content
storing unit 260 is shown as an encrypted file key 261 in
Fig. 29).

The communication unit 270 also reads the encrypted file key
261 from the encrypted content storing unit 260 and outputs
the encrypted file key 261 to the communication unit 440 of
the memory card reader 400i.

(2) Encrypted Content Storing Unit 260

The encrypted content storing unit 260 receives the
encrypted file key 261 from the communication unit 270 and
holds the encrypted file key 261.

The encrypted content storing unit 260 also holds the
encrypted partial contents Fi sent from the communication
unit 270 (the encrypted partial contents Fi sent from the
communication unit 270 are shown as encrypted files 262 in
Fig. 29).

3.10.3 Memory Card Reader 400i

The memory card reader 400i differs from the memory card
reader 400 in that the memory card reader 400i further
includes a decryption unit 465. Also, the communication unit
440 and the decryption unit 460 of the memory card reader
400i differ from those of the memory card reader 400. Other
elements of the memory card reader 400i are respectively the
same as those of the memory card reader 400 and are not
described here.

(1) Communication Unit 440

The communication unit 440 receives the encrypted file key
from the communication unit 270 and outputs the encrypted
file key to the decryption unit 465.

(2) Decryption Unit 465

The decryption unit 465 prestores a decryption algorithm D5
that conforms to DES.

Here, the relation between the encryption algorithm E5
prestored in the encryption unit 365 and the decryption
algorithm D5 can be expressed by Formula 17 given below.

<Formula 17>

E5 = crpt(D5)

The decryption unit 465 first reads the inherent key K'i
from the media inherent key storing unit 423 and receives
the encrypted file key from the communication unit 440.

The decryption unit 465 then generates a file key by
applying the decryption algorithm D5 to the encrypted file
key using the inherent key K'i as the key of the decryption
algorithm D5.

The decryption unit 465 finally outputs the file key to the
decryption unit 460.

(3) Decryption Unit 460

In the above examples, the decryption unit 460 reads the
inherent key K'i from the media inherent key storing unit
423, divides the encrypted content read from the content
storing unit 470 into a plurality of encrypted partial
contents Gi (i=1, 2, 3, ...), each of which is a 64-bit bit
string, and generates a plurality of partial contents Hi
(i=1, 2, 3, ...) by applying the decryption algorithm D2 to
each encrypted partial content Gi using the inherent key K'i
as the key of the decryption algorithm D2. Instead of these
operations, in this embodiment, the decryption unit 460
receives the file key from the decryption unit 465, divides
the encrypted content read from the content storing unit 470
into a plurality of encrypted partial contents Gi (i=1, 2,
3, ...), each of which is a 64-bit bit string, and generates
a plurality of partial contents Hi (i=1, 2, 3, ...) by
applying the decryption algorithm D2 to each encrypted
partial content Gi using the file key as the key of the
decryption algorithm D2.

3.10.4 Operation of Digital Content Protection System 100i

The following is a description of the operation of the
digital content protection system 100i.

The authentication operations in the case where the memory
card 200i is placed in the memory card writer 300i and in
the case where the memory card 200i is placed in the memory
card reader 400i are the same as those performed in the
digital content protection system 100 and are not described
here. The following description concerns the operation
outlines in the case where the memory card 200i is placed in
the memory card writer 300i and in the case where the memory
card 200i is placed in the memory card reader 400i.

(1) Operation Outline in the Case Where Memory Card 200i Is
Placed in Memory Card Writer 300i

When the memory card 200i is placed in the memory card
writer 300i, the operation in the flowchart shown in Fig. 7
is also performed. However, a different operation is
performed in step S114 in the digital content protection
system 100 and is described below with reference to the
flowchart shown in Fig. 31.

On receiving a generation signal, the file key generating
unit 366 generates a 64-bit file key at random and outputs
the file key to the encryption unit 365. The encryption unit
365 receives the file key from the file key generating unit
366, reads the inherent key K'i from the media inherent key
storing unit 323, generates an encrypted file key by
applying the encryption algorithm E5 to the file key using
the inherent key K'i as the key of the encryption algorithm
E5, and outputs the encrypted file key to the communication
unit 340 (step S100i). The communication unit 340 receives
the encrypted file key from the encryption unit 365 and
outputs the encrypted file key to the communication unit 270
(step S101i). The encryption unit 360 receives the file key
from the file key generating unit 366, divides the content
read from the content storing unit 370 into a plurality of
partial contents Ci (i=1, 2, 3, ...), each of which is a
64-bit bit string, and generates a plurality of encrypted
partial contents Fi (i=1, 2, 3, ...) by applying the
encryption algorithm E2 to each partial content Ci using the
file key as the key of the encryption algorithm E2 (step
S102i). The communication unit 340 receives the plurality of
encrypted partial contents Fi from the encryption unit 360
and outputs the plurality of encrypted partial contents Fi
to the communication unit 270 of the memory card 200i (step
S103i).

(2) Operation Outline in the Case Where Memory Card 200i Is
Placed in Memory Card Reader 400i

When the memory card 200i is placed in the memory card
reader 400i, the operation in the flowchart shown in Fig. 8
is also performed. However, a different operation is
performed in step S125 in the digital content protection
system 100i and is described below with reference to the
flowchart shown in Fig. 32.

The communication unit 440 receives the encrypted file key
from the communication unit 270 and outputs the encrypted
file key to the decryption unit 465. The decryption unit 465
receives the encrypted file key from the communication unit
440, reads the inherent key K'i from the media inherent key
storing unit 423, generates the file key by applying the
decryption algorithm D5 to the encrypted file key using the
inherent key K'i as the key of the decryption algorithm D5,
and outputs the file key to the decryption unit 460 (step
S111i). The decryption unit 460 receives the file key from
the decryption unit 465, divides the encrypted content read
from the content storing unit 470 into a plurality of
encrypted partial contents Gi (i=1, 2, 3, ...), each of
which is a 64-bit bit string, and generates a plurality of
partial contents Hi (i=1, 2, 3, ...) by applying the
decryption algorithm D2 to each encrypted partial content Gi
using the file key as the key of the decryption algorithm D2
(step S112i).

3.10.5 Conclusion

As described above, when a recording medium device is
connected to an access device that is a memory card writer,
each of the devices judges whether the other device is an
authenticated device. If the judgement result is
affirmative, the access device encrypts a digital content
using file keys and writes the encrypted digital content
into the recording medium device. More specifically, the
access device generates file keys for respective files of
the digital content, encrypts the file keys using an
inherent key that has been secretly sent from the recording
medium device, encrypts the files of the digital content
using the file keys, and sends the encrypted file keys and
the encrypted files to the recording medium device. The
recording medium device receives the encrypted file keys and
the encrypted files from the access device and holds them.

Also, when the recording medium device that holds the
encrypted file keys and the encrypted files is connected to
an access device that is a memory card reader, each of the
devices judges whether the other device is an authenticated
device. If the judgement result is affirmative, the access
device decrypts the encrypted files and reproduces the
decrypted files. More specifically, the recording medium
device outputs the encrypted file keys and the encrypted
files to the access device. The access device receives the
encrypted file keys and the encrypted files from the
recording medium device, decrypts the encrypted file keys
using an inherent key that has been secretly sent from the
recording medium device, decrypts the encrypted files using
the decrypted file keys, and reproduces the decrypted files.

In this manner, the digital content protection system of
this embodiment generates a file key inherent in each file
of downloaded contents and encrypts the files using the file
keys. Because this makes it difficult for third parties to
intercept files, the present digital content protection
system achieves a high security for the files.

It should be noted here that the digital content protection
system 100i may be modified as follows.

(1) First Modification of Digital Content Protection System
100i

Fig. 33 is a block diagram of the digital content protection
system 100i of the first modification.

As shown in this drawing, the memory card 200i further
includes a random number seed generating unit 292 that
generates a seed. Here, the seed is an initial value of a
random number and is, in this modification, 64-bit time
data. It is preferable to use a value, such as time data,
that changes by the hour as the seed. The random number seed
generating unit 292 generates the seed and outputs it to the
communication unit 270. After receiving the seed, the
communication unit 270 outputs the seed to the communication
unit 340. The communication unit 340 outputs the seed sent
from the communication unit 270 to the file key generating
unit 366. The file key generating unit 366 receives the seed
from the communication unit 340, generates a random number
using the seed, and sets the random number as a file key.

Note that the file key generating unit 366 may generate a
random number as follows.

The file key generating unit 366 generates a cipher text by
applying a predetermined encryption algorithm to the seed
using a predetermined key. The file key generating unit 366
then reapplies the predetermined algorithm to the cipher
text to generate another cipher text. The file key
generating unit 366 repeats this encryption processing a
certain number of times and uses the final cipher text as
the random number.
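The ninth embodiment's key hierarchy and the first modification's seed-based file key, as an added example that is not code from this document: an 8-round Feistel construction built on SHA-256 stands in for the DES-conforming algorithms E2/E5 and D2/D5, and the file key size (one 64-bit block), the padding scheme, the iteration count, and all function names are assumptions. It shows that per-block encryption maps equal plaintext blocks to equal ciphertext blocks, and that a seed-derived file key is fully determined by the seed and the predetermined key.

```python
import hashlib
import secrets

BLOCK = 8  # the text works on 64-bit blocks throughout


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function of the stand-in cipher (assumption, not DES)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for E2/E5: keyed permutation of one 64-bit block."""
    if len(block) != BLOCK:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for D2/D5: inverse of encrypt_block under the same key."""
    if len(block) != BLOCK:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def writer_store(inherent_key: bytes, content: bytes, file_key: bytes = None):
    """Writer side: wrap the file key under K'i, encrypt content under it."""
    if file_key is None:
        file_key = secrets.token_bytes(BLOCK)           # random per-file key
    wrapped = encrypt_block(inherent_key, file_key)     # encrypted file key
    pad_len = BLOCK - len(content) % BLOCK              # padding is assumed;
    padded = content + bytes([pad_len]) * pad_len       # the text gives none
    blocks = [encrypt_block(file_key, padded[i:i + BLOCK])   # each Ci -> Fi
              for i in range(0, len(padded), BLOCK)]
    return wrapped, blocks


def reader_load(inherent_key: bytes, wrapped: bytes, blocks: list):
    """Reader side: unwrap the file key with K'i, then decrypt each Gi."""
    file_key = decrypt_block(inherent_key, wrapped)
    padded = b"".join(decrypt_block(file_key, g) for g in blocks)
    pad_len = padded[-1]
    if not 1 <= pad_len <= BLOCK or padded[-pad_len:] != bytes([pad_len]) * pad_len:
        return None                                     # wrong key or bad data
    return padded[:-pad_len]


def file_key_from_seed(seed: bytes, predetermined_key: bytes, times: int = 4) -> bytes:
    """First modification: encrypt the 64-bit seed repeatedly under a fixed
    key and use the final cipher text as the file key."""
    text = seed
    for _ in range(times):
        text = encrypt_block(predetermined_key, text)
    return text


if __name__ == "__main__":
    ki = bytes.fromhex("0123456789abcd")                # constructed 56-bit key
    wrapped, blocks = writer_store(ki, b"AAAAAAAA" * 2 + b"tail")
    print("encrypted file key:", wrapped.hex())
    print("repeated block visible:", blocks[0] == blocks[1])
    print("recovered:", reader_load(ki, wrapped, blocks))
    seed = (915148800).to_bytes(8, "big")               # constructed time value
    print("seed-derived key:", file_key_from_seed(seed, b"fixedkey").hex())
```

Because the time seed is guessable, the secrecy of a seed-derived file key rests entirely on the predetermined key held in the file key generating unit.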

(2) Second Modification of Digital Content Protection System
100i

Fig. 34 is a block diagram of the digital content protection
system 100i of the second modification.

As shown in this drawing, the memory card 200i of this
modification further includes a random number seed
generating unit 293. Like the random number seed generating
unit 292, the random number seed generating unit 293
generates a seed. Here, the seed is an initial value of a
random number and is, in this modification, 64-bit time
data. It is preferable to use a value, such as time data,
that changes by the hour as the seed. The random number seed
generating unit 293 generates a seed and outputs the seed to
the mutual authentication unit 250. After receiving the
seed, the mutual authentication unit 250 performs its
authentication process and outputs the seed to the mutual
authentication unit 330 via the communication units 270 and
340. The mutual authentication unit 330 receives the seed
from the communication unit 340 and outputs the seed to the
file key generating unit 366. The file key generating unit
366 receives the seed from the mutual authentication unit
330, generates a random number using the seed, and sets the
random number as a file key.

During the authentication processing, the digital content
protection system 100i of the first and second modifications
performs different processing in steps S135, S136, S137, and
S138 in the authentication operation shown in Figs. 9 and
10. Therefore, the following description centers on these
steps.

In step S135, the encryption unit 252 receives a seed
S from the random number seed generating unit 293 and
combines the seed S with the random number R1 to generate
(R1+S) that is a 128-bit bit string. The encryption unit 252
generates an encrypted random number E2(Ki,(R1+S)) by
applying the encryption algorithm E2 to (R1+S) using the
inherent key Ki as the key of the encryption algorithm E2.
Here, because (R1+S) is a 128-bit bit string, the encryption
unit 252 divides (R1+S) into two 64-bit blocks and encrypts
each block.

In step S136, the communication unit 270 outputs the
encrypted random number E2(Ki,(R1+S)) to the decryption unit
333 via the communication units 270 and 340.

In step S137, the decryption unit 333 generates
D2(K'i,E2(Ki,(R1+S))) by applying the decryption algorithm D2
to the encrypted random number E2(Ki,(R1+S)) using the
inherent key K'i as the key of the decryption algorithm D2.
The decryption unit 333 then divides D2(K'i,E2(Ki,(R1+S)))
into two 64-bit bit strings.

In step S138, the mutual authentication control unit
334 judges whether the random number R1 matches the former
one of the two 64-bit bit strings. If the comparison result
is affirmative, the mutual authentication control unit 334
judges that the memory card 200 is an authorized device; if
not, the mutual authentication control unit 334 judges that
the memory card 200 is an unauthorized device. If the
comparison result is affirmative, the mutual authentication
control unit 334 also determines that the latter one of the
two 64-bit bit strings is the seed S and outputs the seed S
to the file key generating unit 366.

Note that in the above modification, the encryption
unit 252 combines the random number R1 with the seed S to
generate (R1+S). However, the encryption unit 252 may divide
the random number R1 into two bit strings, divide the seed S
into two 32-bit bit strings, combine the former bit string of
the random number R1 with the former bit string of the seed
S in that order, and combine the latter bit string of the
random number R1 with the latter bit string of the seed S in
that order.
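The seed handling of the first and second modifications, as an added Python example that is not part of the patent text: the card packs the seed S into the response E2(Ki,(R1+S)) (step S135), the access device checks R1 and extracts S (steps S137 and S138), and the file key is then derived by repeated encryption of the seed. Assumptions: a Feistel network built on HMAC-SHA256 stands in for the 64-bit block cipher, and the repetition count, the predetermined key, the receiving-side reassembly for the interleaved layout and all sample values are constructed for illustration.

```python
import hashlib
import hmac

ROUNDS = 8  # assumption: round count of the stand-in cipher


def _f(key, rnd, half):
    """Keyed round function of the stand-in cipher (32-bit output)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Encrypt one 64-bit block with a Feistel network (stand-in, not DES)."""
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    """Invert encrypt_block by running the rounds backwards."""
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def combine(r1, seed, interleave=False):
    """Build the 128-bit string (R1+S) in either layout from the text."""
    if len(r1) != 8 or len(seed) != 8:
        raise ValueError("R1 and S must be 64 bits each")
    if interleave:
        # former half of R1 + former half of S, then the latter halves
        return r1[:4] + seed[:4] + r1[4:] + seed[4:]
    return r1 + seed


def split(plain, interleave=False):
    """Undo combine(): return (R1 candidate, seed candidate)."""
    if interleave:
        return plain[0:4] + plain[8:12], plain[4:8] + plain[12:16]
    return plain[:8], plain[8:]


def card_response(ki, r1, seed, interleave=False):
    """Step S135: encrypt (R1+S) as two separate 64-bit blocks."""
    combined = combine(r1, seed, interleave)
    return encrypt_block(ki, combined[:8]) + encrypt_block(ki, combined[8:])


def writer_verify(ki_prime, r1, response, interleave=False):
    """Steps S137-S138: return the seed if R1 matches, otherwise None."""
    if len(response) != 16:
        return None
    plain = (decrypt_block(ki_prime, response[:8])
             + decrypt_block(ki_prime, response[8:]))
    r1_candidate, seed = split(plain, interleave)
    # constant-time comparison so the check does not leak matching prefixes
    if not hmac.compare_digest(r1_candidate, r1):
        return None
    return seed


def derive_file_key(seed, fixed_key, times=16):
    """First modification: encrypt the seed repeatedly, keep the last text."""
    if times < 1:
        raise ValueError("times must be at least 1")
    text = seed
    for _ in range(times):
        text = encrypt_block(fixed_key, text)
    return text


# Constructed sample values (not from the patent).
SAMPLE_KI = bytes.fromhex("0123456789abcdef")         # inherent key Ki = K'i
SAMPLE_R1 = bytes.fromhex("a1b2c3d4e5f60718")         # random number R1
SAMPLE_SEED = (909_878_400).to_bytes(8, "big")        # 64-bit time data
SAMPLE_FIXED_KEY = bytes.fromhex("fedcba9876543210")  # predetermined key

if __name__ == "__main__":
    resp = card_response(SAMPLE_KI, SAMPLE_R1, SAMPLE_SEED)
    seed = writer_verify(SAMPLE_KI, SAMPLE_R1, resp)
    print("seed accepted:", seed == SAMPLE_SEED)
    print("file key:", derive_file_key(seed, SAMPLE_FIXED_KEY).hex())
```

In the concatenated layout the second cipher block depends only on S, whereas in the interleaved layout each block carries half of R1, so the R1 comparison covers both blocks.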

(3) Third Modification of Digital Content Protection System 100i

In this modification, the downloaded content is
divided into one or more data blocks in logical or physical
units, each data block is encrypted and is transferred to a
recording medium, and the encrypted data blocks are
transferred from the recording medium and are decrypted.
During encryption, data block keys that are unique to
respective data blocks are generated, the data blocks are
encrypted using the unique data block keys and the inherent
key obtained after the authentication processing, and the
encrypted data blocks are transferred to the recording
medium. During decryption, the encrypted data blocks are
transferred from the recording medium and are decrypted.

More specifically, when each of the memory card 200i
and the memory card writer 300i judges that the other device
is an authenticated device, the memory card writer 300i
divides the downloaded content into one or more data blocks,
generates a data block key for each data block, encrypts each
data block using the inherent key and the data block key of
the data block, and sends the encrypted data blocks to the
memory card 200i. When the memory card 200i and the memory
card reader 400i judge that they are connected to
authenticated devices, the memory card reader 400i receives
the encrypted data blocks from the memory card 200i,
generates data block keys for respective encrypted data
blocks, and decrypts the encrypted data blocks using the
inherent key and the data block keys.

With this construction, the digital content
protection system of this modification generates a data block
key unique to each data block of the downloaded content and
encrypts the data block using the data block key. Because
this makes it difficult for third parties to intercept data
blocks, the present digital content protection system
achieves high security for the data blocks.



3.11 Tenth Embodiment

The digital content protection system 100j of the
present embodiment includes a memory card 200j, a memory card
writer 300j, and a memory card reader 400j. These devices
are not shown in the drawings.

The memory card 200j secretly sends its inherent key
to the memory card writer 300j, the memory card writer 300j
judges whether the memory card 200j is an authorized device
using the inherent key, and the memory card 200j judges
whether the memory card writer 300j is an authorized device
using the inherent key. Only if both of the memory card 200j
and the memory card writer 300j judge that the other device
is an authorized device, the memory card writer 300j outputs
digital contents to the memory card 200j. When the memory
card 200j is connected to the memory card reader 400j, the
same authentication operation is performed.

The memory card 200j, the memory card writer 300j,
and the memory card reader 400j are respectively similar to
the memory card 200, the memory card writer 300, and the
memory card reader 400. Therefore, the following description
centers on the different aspects of these elements.

3.11.1 Memory Card 200j

The memory card 200j includes a master key storing
unit 210, a media inherent key storing unit 220, a conversion
unit 230, a media inherent key information storing unit 240,
a mutual authentication unit 250, an encrypted content
storing unit 260, a communication unit 270, and a control
unit 280. The mutual authentication unit 250 includes a
random number generating unit 251, a conversion unit 255, and
a mutual authentication control unit 254.

The master key storing unit 210, the media inherent
key storing unit 220, the conversion unit 230, and the media
inherent key information storing unit 240 of the memory card
200j are respectively the same as those of the memory card
200. Therefore, the following description concerns the
different elements.

(1) Random Number Generating Unit 251

The random number generating unit 251 generates a
random number R2 that is a 64-bit bit string and outputs the
random number R2 to the communication unit 270 and the
conversion unit 255.

(2) Conversion Unit 255

The conversion unit 255 prestores a function f1.

The conversion unit 255 receives a random number R1
from the communication unit 270, reads the inherent key Ki
from the media inherent key storing unit 220, and generates
a conversion coefficient Q1. The conversion coefficient Q1
can be expressed by Formula 18 given below.

<Formula 18>

Q1=f1(Ki,R1)

Here, the function f1 is a one-way function. The
one-way function means a function having a feature that it is
easy to calculate output values from input values but it is
difficult to calculate input values from output values. The
one-way function is, for instance, an encryption function.

The conversion unit 255 outputs the conversion
coefficient Q1 to the communication unit 270.

The conversion unit 255 also receives the random
number R2 from the random number generating unit 251, reads
the inherent key Ki from the media inherent key storing unit
220, and generates a conversion coefficient Q2 by applying
the function f1 to the random number R2 using the inherent
key Ki. The conversion coefficient Q2 can be expressed by
Formula 19 given below.

<Formula 19>

Q2=f1(Ki,R2)

The conversion unit 255 outputs the conversion
coefficient Q2 to the mutual authentication control unit
254.



(3) Mutual Authentication Control Unit 254

The mutual authentication control unit 254 first
receives the conversion coefficient Q2 from the conversion
unit 255 and receives a conversion coefficient Q'2 from the
communication unit 270.

The mutual authentication control unit 254 then
compares the conversion coefficient Q2 with the conversion
coefficient Q'2. If the conversion coefficient Q2 matches
the conversion coefficient Q'2, the mutual authentication
control unit 254 judges that the memory card writer 300j or
the memory card reader 400j in which the memory card 200j is
placed is an authorized device; if not, the mutual
authentication control unit 254 judges that the memory card
writer 300j or the memory card reader 400j is an unauthorized
device.

The mutual authentication control unit 254 finally
outputs an authentication signal showing whether the memory
card writer 300j or the memory card reader 400j is an
authorized device to the control unit 280.

(4) Communication Unit 270

The communication unit 270 reads the encrypted
inherent key Ji from the media inherent key information
storing unit 240 and outputs the encrypted inherent key Ji to
the communication unit 340 of the memory card writer 300j or
to the communication unit 440 of the memory card reader
400j.

The communication unit 270 also receives the random
number R1 from the communication unit 340 of the memory card
writer 300j or the communication unit 440 of the memory card
reader 400j and outputs the random number R1 to the
conversion unit 255 of the mutual authentication unit 250.

The communication unit 270 further receives the
conversion coefficient Q1 from the conversion unit 255 and
outputs the conversion coefficient Q1 to the communication
unit 340 of the memory card writer 300j or the communication
unit 440 of the memory card reader 400j.

The communication unit 270 also receives the random
number R2 from the random number generating unit 251 and
outputs the random number R2 to the communication unit 340 of
the memory card writer 300j or the communication unit 440 of
the memory card reader 400j.

The communication unit 270 also receives the
conversion coefficient Q2 from the communication unit 340 of
the memory card writer 300j or the communication unit 440 of
the memory card reader 400j and outputs the conversion
coefficient Q2 to the mutual authentication control unit 254
of the mutual authentication unit 250.

On receiving a communication termination signal from
the control unit 280, the communication unit 270 terminates
the communication with the communication unit 340 of the
memory card writer 300j or the communication unit 440 of the
memory card reader 400j. The communication unit 270 also
receives the encrypted partial contents Fi (where
i=1,2,3,...) from the communication unit 340 of the memory
card writer 300j and outputs the encrypted partial contents
Fi to the encrypted content storing unit 260. The
communication unit 270 furthermore reads the encrypted
partial contents Fi from the encrypted content storing unit
260 and outputs the encrypted partial contents Fi to the
communication unit 440 of the memory card reader 400j.

3.11.2 Memory Card Writer 300j

The memory card writer 300j includes a master key
storing unit 313, a media inherent key information storing
unit 320, an inversion unit 321, a media inherent key storing
unit 323, a mutual authentication unit 330, a communication
unit 340, a control unit 350, an encryption unit 360, a
content storing unit 370, and a content download unit 380.
The content download unit 380 is connected to the outside via
the communication line 10 and includes a random number
generating unit 331, a conversion unit 335, and a mutual
authentication control unit 334.

The master key storing unit 313, the media inherent
key information storing unit 320, the inversion unit 321, the
media inherent key storing unit 323, the control unit 350,
the encryption unit 360, the content storing unit 370, and
the content download unit 380 are respectively the same as
those of the memory card writer 300. Therefore, the
following description centers on the different elements.

(1) Random Number Generating Unit 331

The random number generating unit 331 generates the
random number R1 that is a 64-bit bit string and outputs the
random number R1 to the communication unit 340 and the
conversion unit 335.

(2) Conversion Unit 335

The conversion unit 335 prestores a function f1 that
is the same as that prestored in the conversion unit 255.

The conversion unit 335 receives the random number R2
from the communication unit 340, reads the inherent key K'i
from the media inherent key storing unit 323, and generates
the conversion coefficient Q'2 by applying the function f1 to
the random number R2 using the inherent key K'i. The
conversion coefficient Q'2 can be expressed by Formula 20
given below.

<Formula 20>

Q'2=f1(K'i,R2)

The conversion unit 335 outputs the conversion
coefficient Q'2 to the communication unit 340.

The conversion unit 335 also receives the random
number R1 from the random number generating unit 331, reads
the inherent key K'i from the media inherent key storing unit
323, and generates the conversion coefficient Q'1 by applying
the function f1 to the random number R1 using the inherent
key K'i. The conversion coefficient Q'1 can be expressed by
Formula 21 given below.

<Formula 21>

Q'1=f1(K'i,R1)

The conversion unit 335 outputs the conversion
coefficient Q'1 to the mutual authentication control unit
334.

(3) Mutual Authentication Control Unit 334

The mutual authentication control unit 334 first
receives the conversion coefficient Q'1 from the conversion
unit 335 and receives the conversion coefficient Q1 from the
communication unit 340.

The mutual authentication control unit 334 then
compares the conversion coefficient Q'1 with the conversion
coefficient Q1. If the conversion coefficient Q'1 matches
the conversion coefficient Q1, the mutual authentication
control unit 334 judges that the memory card 200j that is
placed in the memory card writer 300j is an authorized
device; if not, the mutual authentication control unit 334
judges that the memory card 200j is an unauthorized device.

The mutual authentication control unit 334 finally
outputs an authentication signal showing whether the memory
card 200j is an authorized device to the control unit 350.

(4) Communication Unit 340

The communication unit 340 receives the encrypted
inherent key Ji from the communication unit 270 and outputs
the encrypted inherent key Ji to the media inherent key
information storing unit 320.

The communication unit 340 also receives the random
number R1 from the random number generating unit 331 and
outputs the random number R1 to the communication unit 270 of
the memory card 200j.

The communication unit 340 further receives the
conversion coefficient Q1 from the communication unit 270 of
the memory card 200j and outputs the conversion coefficient
Q1 to the mutual authentication control unit 334 of the
mutual authentication unit 330.

The communication unit 340 also receives the random
number R2 from the communication unit 270 of the memory card
200j and outputs the random number R2 to the conversion unit
335 of the mutual authentication unit 330.

The communication unit 340 also receives the
conversion coefficient Q'2 from the conversion unit 335 and
outputs the conversion coefficient Q'2 to the communication
unit 270 of the memory card 200j.

On receiving a communication termination signal from
the control unit 350, the communication unit 340 terminates
the communication with the communication unit 270 of the
memory card 200j. The communication unit 340 also receives
the encrypted partial contents Fi (where i=1,2,3,...) from
the encryption unit 360 and outputs the encrypted partial
contents Fi to the communication unit 270 of the memory card
200j.

3.11.3 Memory Card Reader 400j

The memory card reader 400j includes a master key
storing unit 413, a media inherent key information storing
unit 420, an inversion unit 421, a media inherent key storing
unit 423, a mutual authentication unit 430, a communication
unit 440, a control unit 450, a decryption unit 460, a
content storing unit 470, a reproduction unit 480, and an
operation unit 490. The mutual authentication unit 430
includes a random number generating unit 431, a conversion
unit 435, and a mutual authentication control unit 434.

The master key storing unit 413, the media inherent
key information storing unit 420, the inversion unit 421, the
media inherent key storing unit 423, the control unit 450,
the decryption unit 460, the content storing unit 470, the
reproduction unit 480, and the operation unit 490 are
respectively the same as those of the memory card reader 400
and are not described here. Also, the communication unit
440, the random number generating unit 431, the conversion
unit 435, and the mutual authentication control unit 434 are
respectively the same as the communication unit 340, the
random number generating unit 331, the conversion unit 335,
and the mutual authentication control unit 334 of the memory
card writer 300j and are not described here.

3.11.4 Operation of Digital Content Protection System 100j

The following is a description of the operation of
the digital content protection system 100j.

The operation outlines in the case where the memory
card 200j is placed in the memory card writer 300j and in the
case where the memory card 200j is placed in the memory card
reader 400j are the same as those performed in the digital
content protection system 100 and are not described here.
The authentication operation in the case where the memory
card 200j is placed in the memory card writer 300j is
described in detail below. Note that the same authentication
operation is performed in the case where the memory card 200j
is placed in the memory card reader 400j and is not described
here.

(1) Authentication Operation in Case Where Memory Card 200j
Is Placed in Memory Card Writer 300j

The authentication operation in the case where the
memory card 200j is placed in the memory card writer 300j is
described in detail below with reference to Fig. 35.

Steps S130-S134 are the same as those in Fig. 9 and are
not described here.

The conversion unit 335 receives the random number R1
from the random number generating unit 331, reads the
inherent key K'i from the media inherent key storing unit
323, generates the conversion coefficient Q'1 by applying the
function f1 to the random number R1 using the inherent key
K'i, and outputs the conversion coefficient Q'1 to the mutual
authentication control unit 334 (step S162).

The conversion unit 255 receives the random number R1
from the communication unit 270, reads the inherent key Ki
from the media inherent key storing unit 220, generates the
conversion coefficient Q1 by applying the function f1 to the
random number R1 using the inherent key Ki (step S161), and
outputs the conversion coefficient Q1 to the mutual
authentication control unit 334 via the communication units
270 and 340 (step S163).

The mutual authentication control unit 334 compares
the conversion coefficient Q'1 with the conversion
coefficient Q1. If the conversion coefficient Q'1 matches
the conversion coefficient Q1, the mutual authentication
control unit 334 judges that the memory card 200j is an
authorized device; if not, the mutual authentication control
unit 334 judges that the memory card 200j is an unauthorized
device (step S164).

The random number generating unit 251 generates the
random number R2 (step S165), and outputs the random number
R2 to the conversion unit 335 via the communication units 270
and 340 (step S166).

The conversion unit 335 receives the random number R2
from the communication unit 340, reads the inherent key K'i
from the media inherent key storing unit 323, and generates
the conversion coefficient Q'2 by applying the function f1 to
the random number R2 using the inherent key K'i (step
S168).

The conversion unit 335 then outputs the conversion
coefficient Q'2 to the mutual authentication control unit 254
via the communication units 340 and 270 (step S169).

The conversion unit 335 receives the random number R2
from the random number generating unit 251, reads the
inherent key Ki from the media inherent key storing unit 220,
and generates the conversion coefficient Q2 by applying the
function f1 to the random number R2 using the inherent key Ki
(step S167).

The mutual authentication control unit 254 compares
the conversion coefficient Q2 with the conversion coefficient
Q'2. If the conversion coefficient Q2 matches the conversion
coefficient Q'2, the mutual authentication control unit 254
judges that the memory card writer 300j or the memory card
reader 400j in which the memory card 200j is placed is an
authorized device; if not, the mutual authentication control
unit 254 judges that the memory card writer 300j or the
memory card reader 400j is an unauthorized device (step
S170).
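The challenge-response exchange of steps S161 to S170, as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for the one-way function f1, both sides already hold the inherent key (Ki on the card, K'i recovered on the access device), discarding a challenge after one answer is an added safeguard, and the class names and sample key are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def f1(key, challenge):
    """Keyed one-way function f1(K, R) with a 64-bit result.

    Assumption: HMAC-SHA256 truncated to 8 bytes stands in for the
    encryption-based one-way function the text mentions.
    """
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class MemoryCard:
    """Holds the inherent key Ki (media inherent key storing unit 220)."""

    def __init__(self, ki):
        self._ki = ki
        self._r2 = None

    def answer(self, r1):
        # Steps S161 and S163: Q1 = f1(Ki, R1), sent to the access device.
        return f1(self._ki, r1)

    def challenge(self):
        # Steps S165-S166: fresh 64-bit random number R2.
        self._r2 = secrets.token_bytes(8)
        return self._r2

    def check(self, q2_prime):
        # Steps S167 and S170: compare Q2 = f1(Ki, R2) with the received Q'2.
        if self._r2 is None:
            return False            # no outstanding challenge
        q2 = f1(self._ki, self._r2)
        self._r2 = None             # a challenge accepts one answer only
        return hmac.compare_digest(q2, q2_prime)


class AccessDevice:
    """Writer or reader holding K'i (media inherent key storing unit 323)."""

    def __init__(self, ki_prime):
        self._ki_prime = ki_prime
        self._r1 = None

    def challenge(self):
        # Random number generating unit 331: fresh 64-bit R1.
        self._r1 = secrets.token_bytes(8)
        return self._r1

    def check(self, q1):
        # Steps S162 and S164: compare Q'1 = f1(K'i, R1) with the received Q1.
        if self._r1 is None:
            return False
        q1_prime = f1(self._ki_prime, self._r1)
        self._r1 = None
        return hmac.compare_digest(q1_prime, q1)

    def answer(self, r2):
        # Steps S168-S169: Q'2 = f1(K'i, R2), sent to the card.
        return f1(self._ki_prime, r2)


def mutual_authenticate(card, device):
    """Run steps S161-S170 and return (card_ok, device_ok)."""
    r1 = device.challenge()
    card_ok = device.check(card.answer(r1))      # device judges the card
    r2 = card.challenge()
    device_ok = card.check(device.answer(r2))    # card judges the device
    return card_ok, device_ok


def transfer_allowed(card, device):
    """Contents move only if each side judged the other authorized."""
    card_ok, device_ok = mutual_authenticate(card, device)
    return card_ok and device_ok


SAMPLE_KI = bytes.fromhex("0123456789abcdef")  # constructed inherent key

if __name__ == "__main__":
    print(transfer_allowed(MemoryCard(SAMPLE_KI), AccessDevice(SAMPLE_KI)))
    print(transfer_allowed(MemoryCard(SAMPLE_KI), AccessDevice(bytes(8))))
```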



3.11.5 Conclusion

As described above, like the digital content
protection system 100, the digital content protection system
100j prevents an authorized device from transferring contents
to an unauthorized device. This prevents contents that have
been properly downloaded from being used without a proper
authorization. Also, an unauthorized device cannot transfer
contents to an authorized device. This prevents illegally
obtained contents from being reused.

The recording medium device secretly sends its
inherent key to the access device using the master key. The
access device decrypts the inherent key sent from the
recording medium device using the master key, generates
authentication information that is a random number, sends the
authentication information to the recording medium device,
and applies a function to the authentication information
using the decrypted inherent key. The recording medium
device applies the same function as that applied by the
access device to the authentication information using the
inherent key, and sends the authentication information to
which the function has been applied to the access device.
The access device compares the authentication information
generated by the access device with the authentication
information sent from the recording medium. If the
authentication information generated by the access device
matches the authentication information sent from the
recording medium, the access device judges that the recording
medium device is an authorized device; if not, the access
device judges that the recording medium device is an
unauthorized device. The recording medium judges whether the
access device is an authorized device in the same manner. By
doing so, each of the recording medium device and the access
device judges whether the other device is an authorized
device.

Also, unlike the digital content protection system
100, the access device and the recording medium device
perform the authentication operation described above using
the inherent key prestored in the recording medium device,
instead of the apparatus key prestored in the access device.
Therefore, the access device and the recording medium device
are not required to include memories for holding apparatus
keys and apparatus key information, conversion units for
converting the apparatus keys into the apparatus key
information, and inversion units for performing inversion
processing. As a result, the hardware scales of the access
device and the recording medium device are reduced.

3.12 Other Modifications

(1) In the above examples, the digital content protection
system includes a memory card, a memory card writer, and a
memory card reader. However, the digital content protection
system does not need to include all of these devices. That
is, the digital content protection system may only include a
memory card and a memory card writer or may only include a
memory card and a memory card reader.

(2) In the above examples, after a recording medium
device, such as a memory card, is connected to an access
device, such as a memory card writer and a memory card
reader, each of the recording medium device and the access
device judges whether the other device is an authenticated
device. Only if both of these devices judge that they are
connected to authenticated devices, digital contents are
transferred between the recording medium device and the
access device. However, the following operation may be
performed.

When contents are sent from the access device to the
recording medium device, the access device judges whether the
recording medium device is an authenticated device and, only
if the judgement result is affirmative, sends the contents to
the recording medium device. In this case, the recording
medium device does not judge whether the access device is an
authorized device.

On the other hand, when contents are sent from the
recording medium device to the access device, the recording
medium device judges whether the access device is an
authorized device and, only if the judgement result is
affirmative, the recording medium device sends the contents
to the access device. In this case, the access device does
not judge whether the recording medium device is an
authorized device.

This modification is based on the concept that the
authentication of a target device by a source device prevents
contents that are properly downloaded from being used without
proper authorization.

(3) In the above examples, the access device is a memory
card writer or a memory card reader. However, the access
device may double as the memory card writer and the memory
card reader.

More specifically, the access device that doubles as
the memory card writer and the memory card reader is
connected to the personal computer shown in Fig. 2 and a
memory card is inserted into the access device. With the
personal computer 500, a user obtains contents, such as music
data, from the outside via the communication line 10 and
writes the contents in the memory card through the mediation
of the access device. Also, with the personal computer 500,
the user obtains contents from the memory card through the
mediation of the access device and reproduces the obtained
contents.

(4) In the above examples, the DES algorithm is used.
However, any other cryptographic algorithm may be used.

(5) The memory card may use an optical disc or an MO
(Magneto-Optical) disc, instead of a semiconductor memory.

(6) In the above examples, different inherent keys are
assigned to respective recording medium devices. However,
the present invention may be modified as follows.

An inherent key is assigned to a group of recording
medium devices and another inherent key is assigned to
another group of recording mediums. In this case, the
recording medium devices in each group are assigned the same
inherent key.

Also, an inherent key is assigned to the group of
recording medium devices in one version of a product and
another inherent key is assigned to the group of recording
medium devices in another version. In this case, the
recording medium devices in each group are assigned the same
inherent key.

Furthermore, an inherent key is assigned to the group
of recording medium devices produced by a manufacturer and
another inherent key is assigned to the group of recording
medium produced by another manufacturer. In this case, the
recording medium devices in each group are assigned the same
inherent key.

(7) When both of a recording medium device and an access
device that is a memory card writer judge that the other
device is an authorized device, the user key may be used to
encrypt and decrypt digital contents in the manner described
below.

When the recording medium device is connected to the
access device, the access device receives a user key from a
user, generates a file key for each file of a digital
content, and generates a transformed key for each file by
performing a predetermined calculation, such as the exclusive
disjunction on the file key using the user key. The access
device encrypts the files using the transformed keys and
outputs the encrypted files and the transformed keys to the
recording medium device. The recording medium device
receives the encrypted files and the transformed keys from
the access device and holds them.

When the recording medium device that holds the
encrypted files and the transformed keys is connected to an
access device that is a memory card reader, the recording
medium device outputs the encrypted files and the transformed
keys to the access device. The access device receives the
encrypted files and the transformed keys from the recording
medium device, receives a user key from a user, generates a
file key for each of the encrypted files by performing an
inverse calculation of the predetermined calculation on the
transformed key using the user key, decrypts the encrypted
files using the generated file keys, and reproduces the
decrypted files.

(8) The present invention may be achieved by a computer- 

readable recording medium that records a program for having 
a computer perform the operation of the present digital 
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content protection system. Also, the present invention may- 
be achieved by computer digital signals of such a program. 

(9) The present invention may be achieved by a
transmission medium, such as a communication channel, that
transmits the program for having a computer perform the
operation of the present digital content protection system.
Also, the present invention may be achieved by a separated
computer system by delivering the recording medium to the
computer system or transferring the program to the computer
system via a communication channel. Furthermore, the present
invention may be a program or computer digital signals
transferred via a communication channel.

(10) The embodiments described above may be combined to
realize a modified digital content protection system. Also,
parts of some embodiments may be combined to realize a
modified digital content protection system.

Although the present invention has been fully
described by way of examples with reference to accompanying
drawings, it is to be noted that various changes and
modifications will be apparent to those skilled in the art.
Therefore, unless such changes and modifications depart from
the scope of the present invention, they should be construed
as being included therein.

What is claimed is:



1. A digital content protection system that enables a
digital content to be used and includes a recording medium
apparatus having a storage area for holding digital content
information and an access apparatus that reads information
from and writes information into the storage area,
the digital content protection system operating
according to the following phases:
an authentication phase where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer phase, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content
using the secretly transmitted inherent key.

2. The digital content protection system of Claim 1,
wherein the recording medium apparatus includes a
first calculation means, and
the access apparatus includes a first authentication
information generating means and a first authentication
means,
wherein while the access apparatus judges whether the
recording medium apparatus is legitimate in the
authentication phase,
the first authentication information generating means
generates first authentication information and outputs the
first authentication information to the recording medium
apparatus,
the first calculation means receives the first
authentication information, generates first calculated
authentication information by performing a first calculation
on the received first authentication information using the
inherent key, and outputs the first calculated authentication
information to the access apparatus, and
the first authentication means judges whether the
recording medium apparatus is legitimate from the first
authentication information and the first calculated
authentication information using the secretly transmitted
inherent key.

3. The digital content protection system of Claim 2,
wherein the access apparatus includes a second
calculation means, and
the recording medium apparatus includes a second
authentication information generating means and a second
authentication means,
wherein while the recording medium apparatus judges
whether the access apparatus is legitimate in the
authentication phase,
the second authentication information generating
means generates second authentication information and outputs
the second authentication information to the access medium
apparatus,
the second calculation means receives the second
authentication information, generates second calculated
authentication information by performing a second calculation
on the received second authentication information using the
secretly transmitted inherent key, and outputs the second
calculated authentication information to the recording medium
apparatus, and
the second authentication means judges whether the
access apparatus is legitimate from the second authentication
information and the second calculated authentication
information using the inherent key.

4. The digital content protection system of Claim 3,
wherein the recording medium apparatus further
includes a first encryption means and an inherent key storing
means for prestoring the inherent key, and
the access apparatus further includes a first
decryption means,
wherein while the recording medium apparatus secretly
transmits the inherent key to the access apparatus in the
authentication phase,
the first encryption means generates an encrypted
inherent key by applying a first encryption algorithm to the
inherent key and outputs the encrypted inherent key to the
access apparatus, and
the first decryption means receives the encrypted
inherent key and generates a decrypted inherent key by
applying a first decryption algorithm to the encrypted
inherent key, the first decryption algorithm being used to
decrypt cipher text generated with the first encryption
algorithm.

5. The digital content protection system of Claim 4,
wherein the recording medium apparatus further
includes a first key storing means for prestoring a first
key, and
the access apparatus further includes a second key
storing means for prestoring a second key that corresponds to
the first key,
wherein the first encryption means encrypts the
inherent key using the first key, and
the first decryption means decrypts the encrypted
inherent key using the second key.

6. The digital content protection system of Claim 5,
wherein the first key and the second key are the same
master key, and
the first decryption means decrypts the encrypted
inherent key using the second key that is the same as the
first key.

7. The digital content protection system of Claim 5,
wherein the first key is a public key that is
calculated from the second key according to a public key
determination algorithm of a public key cryptosystem,
the first encryption algorithm is an encryption
algorithm of the public key cryptosystem, and
the first decryption algorithm is a decryption
algorithm of the public key cryptosystem,
wherein the first encryption means encrypts the
inherent key according to the encryption algorithm of the
public key cryptosystem using the first key that is the
public key, and
the first decryption means decrypts the encrypted
inherent key according to the decryption algorithm of the
public key cryptosystem using the second key.

8. The digital content protection system of Claim 5,
wherein the second key is a public key that is
calculated from the first key according to a public key
determination algorithm of a recovery signature processing
method,
the first encryption algorithm is a signature
processing algorithm of the recovery signature processing
method,
the first encryption means generates the encrypted
inherent key that is a signature text by applying the first
encryption algorithm to the inherent key using the first
key,
the first decryption algorithm is a verification
processing algorithm of the recovery signature processing
method, and
the first decryption means generates the decrypted
inherent key by applying the first decryption algorithm to
the encrypted inherent key that is the signature text using
the second key.

9. The digital content protection system of Claim 4,
wherein the recording medium apparatus further
includes:
a first master key storing means for prestoring a
first master key group that includes a plurality of master
keys; and
a first selection means for selecting a master key
out of the first master key group as a first key, and
the access apparatus further includes:
a second master key storing means for prestoring a
second master key group that includes a plurality of master
keys, the first master key group and the second master key
group include the same plurality of master keys; and
a second selection means for selecting a master key
out of the second master key group as a second key, the
second key being the same as the first key,
wherein the first encryption means encrypts the
inherent key using the master key selected as the first key,
and
the first decryption means decrypts the encrypted
inherent key using the master key selected as the second
key.

10. The digital content protection system of Claim 4,
wherein the first encryption means prestores a first
subgroup key, generates a transformed key by performing a
first conversion on the inherent key using the first subgroup
key, and generates the encrypted inherent key by applying the
first encryption algorithm to the transformed key, and
the first decryption means prestores a second
subgroup key that is the same as the first subgroup key,
generates a decrypted transformed key by applying the first
decryption algorithm to the encrypted inherent key, and
generates the decrypted inherent key by performing an
inversion operation of the first conversion operation on the
decrypted transformed key using the second subgroup key.

11. The digital content protection system of Claim 4,
wherein the first encryption means prestores a first
subgroup key, generates a cipher text by applying the first
encryption algorithm to the inherent key, and generates the
encrypted inherent key by performing a first conversion
operation on the cipher text using the first subgroup key,
and
the first decryption means prestores a second
subgroup key that is the same as the first subgroup key,
generates a decryption text by performing an inverse
operation of the first conversion operation on the encrypted
inherent key using the second subgroup key, and generates the
decrypted inherent key by applying the first decryption
algorithm to the decryption text.

12. The digital content protection system of Claim 4,
wherein the recording medium apparatus further
includes a first key storing means for prestoring a first key
that is a master key, and
the access apparatus further includes a second key
storing means for prestoring a second key that is the same
master key as the first key,
wherein the first encryption means prestores a first
subgroup key, generates an encrypted first key by performing
a first conversion operation on the first key using the first
subgroup key, and generates the encrypted inherent key by
applying the first encryption algorithm to the inherent key
using the encrypted first key, and
the first decryption means prestores a second
subgroup key that is the same as the first subgroup key,
generates an encrypted second key by performing a second
conversion operation, which is the same as the first
conversion operation, on the second key using the second
subgroup key, and generates the decrypted inherent key by
applying the first decryption algorithm to the encrypted
inherent key using the encrypted second key.

13. The digital content protection system of Claim 3,
wherein the first authentication means includes:
a third calculation means for generating third
calculated authentication information by performing a third
calculation that is the same as the first calculation on the
first authentication information using the secretly
transmitted inherent key; and
a first comparison means for judging whether the
first calculated authentication information matches the third
calculated authentication information and, if so, determining
that the recording medium apparatus is legitimate.

14. The digital content protection system of Claim 13,
wherein the second authentication means includes:
a fourth calculation means for generating fourth
calculated authentication information by performing a fourth
calculation that is the same as the second calculation on the
second authentication information using the inherent key;
and
a second comparison means for comparing the second
calculated authentication information with the fourth
calculated authentication information and judging, when the
second calculated authentication information matches the
fourth calculated authentication information, that the access
apparatus is legitimate.

15. The digital content protection system of Claim 14,
wherein the first calculation means prestores a first
subgroup key, generates a transformed inherent key by
performing a first conversion operation on the inherent key
using the subgroup key, and generates the first calculated
authentication information by performing the first
calculation on the first authentication information using the
transformed inherent key, and
the third calculation means prestores a second
subgroup key that is the same as the first subgroup key,
generates a decrypted transformed inherent key by performing
an inversion operation of the first conversion operation on
the secretly transmitted inherent key using the subgroup key,
and generates the third calculated authentication information
by performing a calculation that is the same as the first
calculation on the first authentication information using the
decrypted transformed inherent key.

16. The digital content protection system of Claim 14,
wherein the first authentication information
generating means generates a random number as the first
authentication information, and
the second authentication information generating
means generates a random number as the second authentication
information.

17. The digital content protection system of Claim 3,
wherein the first calculation is a first encryption
algorithm,
the first calculation means generates the first
calculated authentication information by applying the first
encryption algorithm to the first authentication information
using the inherent key, and
the first authentication means generates first
decrypted authentication information by applying a first
decryption algorithm to the first calculated authentication
information using the secretly transmitted inherent key,
compares the first authentication information with the first
decrypted authentication information, and judges, when the
first authentication information matches the first decrypted
authentication information, that the recording medium
apparatus is legitimate,
wherein the first decryption algorithm is used to
decrypt a cipher text generated using the first encryption
algorithm.

18. The digital content protection system of Claim 17,
wherein the second calculation is a second encryption
algorithm,
the second calculation means generates the second
calculated authentication information by applying the second
encryption algorithm to the second authentication information
using the secretly transmitted inherent key, and
the second authentication means generates second
decrypted authentication information by applying a second
decryption algorithm to the second calculated authentication
information using the inherent key, compares the second
authentication information with the second decrypted
authentication information, and judges, when the second
authentication information matches the second decrypted
authentication information, that the access apparatus is
legitimate,
wherein the second decryption algorithm is used to
decrypt a cipher text generated using the second encryption
algorithm.

19. The digital content protection system of Claim 18,
wherein the first calculation means prestores a first
subgroup key, generates a transformed inherent key by
performing a first conversion on the inherent key using the
first subgroup key, and generates the first calculated
authentication information by applying the first encryption
algorithm to the first authentication information using the
transformed inherent key, and
the first authentication means prestores a second
subgroup key that is the same as the first subgroup key,
generates a decrypted transformed inherent key by performing
an inversion operation of the first conversion on the
secretly transmitted inherent key using the second subgroup
key, and generates the first decrypted authentication
information by applying the first decryption algorithm to the
first calculated authentication information using the
decrypted transformed inherent key.

20. The digital content protection system of Claim 18,
wherein the first authentication information
generating means generates a random number as the first
authentication information, and
the second authentication information generating
means generates a random number as the second authentication
information.

21. The digital content protection system of Claim 3,
wherein the storage area holds digital content
information that is generated by applying an encryption
algorithm to a digital content using the inherent key,
the recording medium apparatus further includes an
output means for reading, when the recording medium apparatus
and the access apparatus have successfully authenticated each
other, the digital content information from the storage area
and outputting the read digital content information to the
access apparatus, and
the access apparatus that reads information from the
storage area further includes:
a content decryption means for receiving the digital
content information from the recording medium apparatus and
generating a decrypted digital content by applying a
decryption algorithm to the digital content information using
the secretly transmitted inherent key, the decryption
algorithm being used to decrypt a cipher text generated using
the encryption algorithm; and
a reproduction means for reproducing the decrypted
digital content.






22. The digital content protection system of Claim 3,
wherein the access apparatus that writes information
into the storage area further includes:
a content obtaining means for obtaining a digital
content from the outside; and
a content encryption means for generating digital
content information by applying an encryption algorithm to
the obtained digital content using the secretly transmitted
inherent key, and outputting the digital content information
to the recording medium apparatus,
wherein the storage area holds the outputted digital
content information.



23. The digital content protection system of Claim 1,
wherein when the recording medium apparatus and the
access apparatus have successfully authenticated each
other,
in the content transfer phase, the access apparatus
either
(c) generates at least one data block by dividing a
digital content, generates a data block key for each data
block, generates at least one encrypted data block by
encrypting each data block using the secretly transmitted
inherent key and a data block key that corresponds to the
data block, and transfers each encrypted data block to the
recording medium, or
(d) receives at least one encrypted data block of an
encrypted digital content from the recording medium
apparatus, generates a data block key for each data block,
and generates at least one data block by decrypting each
encrypted data block using the secretly transmitted inherent
key and a data block key that corresponds to the encrypted
data block,
wherein each data block has one of a logical length
and a physical length, and
each encrypted data block has one of a logical length
and a physical length.

24. The digital content protection system of Claim 1,
wherein when the recording medium apparatus and the
access apparatus have successfully authenticated each
other,
in the content transfer phase, the access apparatus
either
(e) generates a file key for a file of a digital
content, generates an encrypted file by encrypting the file
using the secretly transmitted inherent key and the file key,
and transfers the encrypted file and information concerning
the file key to the recording medium, or
(f) receives, from the recording medium apparatus, an
encrypted file of an encrypted digital content and
information concerning a file key that corresponds to the
encrypted file, generates a decrypted file by decrypting the
encrypted file using the secretly transmitted inherent key
and the information concerning the file key, and reproduces
the decrypted file.






25. The digital content protection system of Claim 24,
wherein when the recording medium apparatus and the
access apparatus have successfully authenticated each
other,
in the content transfer phase, the access apparatus
either
(g) generates a file key for a file of a digital
content, generates an encrypted file by encrypting the file
using the file key, generates an encrypted file key by
encrypting the file key using the secretly transmitted
inherent key, and transfers the encrypted file and the
encrypted file key to the recording medium, or
(h) receives, from the recording medium apparatus, an
encrypted file and an encrypted file key that corresponds to
the encrypted file, generates a file key by decrypting the
encrypted file key using the secretly transmitted inherent
key, generates a decrypted file by decrypting the encrypted
file using the file key, and reproduces the decrypted file.

26. The digital content protection system of Claim 24,
wherein the recording medium apparatus generates a
seed from a current time and outputs the seed to the access
apparatus, the seed being an initial value of a random
number,
the access apparatus receives the generated seed from
the recording medium apparatus, generates the random number
from the seed, and sets the random number as a file key.

27. The digital content protection system of Claim 24,
wherein while the access apparatus judges whether the
recording medium apparatus is legitimate in the
authentication phase,
the access apparatus sends the first authentication
information to the recording medium apparatus,
the recording medium apparatus generates a seed from
a current time, generates a combination result by combining
the seed with the first authentication information, generates
an encrypted combination result by encrypting the combination
result using the inherent key, and sends the encrypted
combination result to the access apparatus, the seed being an
initial value of a random number, and
the access apparatus generates a decrypted seed and
first decrypted authentication information by decrypting the
encrypted combination result using the secretly transmitted
inherent key, judges whether the first authentication
information matches the first decrypted authentication
information, and, if so, determines that the recording medium
apparatus is legitimate, and
in the content transfer phase, the access apparatus
generates the random number from the decrypted seed and sets
the random number as a file key.

28. The digital content protection system of Claim 1,
wherein when the recording medium apparatus and the
access apparatus have successfully authenticated each
other,
in the content transfer phase, the access apparatus
either
(i) receives a user key from an operator, generates
a transformed key from the user key and the secretly
transmitted inherent key, generates an encrypted digital
content by encrypting a digital content using the transformed
key, and transfers the encrypted digital content to the
recording medium, or
(j) receives an encrypted digital content from the
recording medium apparatus, generates a transformed key from
a user key inputted from an operator and the secretly
transmitted inherent key, and generates a decrypted digital
content by decrypting the encrypted digital content using the
transformed key.

29. The digital content protection system of Claim 1,
wherein when the recording medium apparatus and the
access apparatus have successfully authenticated each
other,
in the content transfer phase, the access apparatus
either
(k) receives a user key from an operator, generates
a file key for a file of a digital content, generates a
transformed key from the user key and the file key, generates
an encrypted file by encrypting the file using the
transformed key, and transfers the encrypted file and the
transformed key to the recording medium, or
(l) receives, from the recording medium apparatus, an
encrypted file and a transformed key that corresponds to the
encrypted file, receives a user key from an operator,
generates a file key from the user key and the transformed
key, generates a decrypted file by decrypting the encrypted
file using the file key, and reproduces the decrypted file.

30. The digital content protection system of Claim 1,
wherein while the recording medium apparatus judges
whether the access apparatus is legitimate in the
authentication phase,
the recording medium apparatus sends second
authentication information to the access apparatus,
the access apparatus generates encrypted second
authentication information by encrypting the second
authentication information using a master key and sends the
encrypted second authentication information to the recording
medium apparatus, and
the recording medium apparatus generates decrypted
second authentication information by decrypting the encrypted
second authentication information using a master key, judges
whether the second authentication information matches the
decrypted second authentication information, and, if so,
determines that the access apparatus is legitimate.

31. The digital content protection system of Claim 1
further includes an encrypted inherent key generation
apparatus,
wherein the digital content protection system further
operates according to an encrypted inherent key setting phase
where the encrypted inherent key generation apparatus
generates an encrypted inherent key by encrypting the
inherent key sent from the recording medium apparatus and
sends the encrypted inherent key to the recording medium
apparatus, and the recording medium apparatus holds the
encrypted inherent key sent from the encrypted inherent key
generation apparatus,
wherein in the authentication phase, the recording
medium apparatus sends the encrypted inherent key to the
access apparatus, and the access apparatus generates a
decrypted inherent key by decrypting the encrypted inherent
key secretly sent from the recording medium apparatus and
judges whether the recording medium apparatus is legitimate
using the decrypted inherent key.

32. A recording medium apparatus that has a storage area
for holding digital content information and is used in a
digital content protection system,
wherein the digital content protection system enables
a digital content to be used and further includes an access
apparatus that reads information from and writes information
into the storage area, and
the digital content protection system operates
according to the following phases:
an authentication phase where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer phase, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content
using the secretly transmitted inherent key.

33. The recording medium apparatus of Claim 32,
wherein the recording medium apparatus includes a
first calculation means, and
the access apparatus includes a first authentication
information generating means and a first authentication
means,
wherein while the access apparatus judges whether the
recording medium apparatus is legitimate in the
authentication phase,
the first authentication information generating means
generates first authentication information and outputs the
first authentication information to the recording medium
apparatus,
the first calculation means receives the first
authentication information, generates first calculated
authentication information by performing a first calculation
on the received first authentication information using the
inherent key, and outputs the first calculated authentication
information to the access apparatus, and
the first authentication means judges whether the
recording medium apparatus is legitimate from the first
authentication information and the first calculated
authentication information using the secretly transmitted
inherent key.

34. The recording medium apparatus of Claim 33,
wherein the access apparatus includes a second
calculation means, and
the recording medium apparatus includes a second
authentication information generating means and a second
authentication means,
wherein while the recording medium apparatus judges
whether the access apparatus is legitimate in the
authentication phase,
the second authentication information generating
means generates second authentication information and outputs
the second authentication information to the access medium
apparatus,
the second calculation means receives the second
authentication information, generates second calculated
authentication information by performing a second calculation
on the received second authentication information using the
secretly transmitted inherent key, and outputs the second
calculated authentication information to the recording medium
apparatus, and
the second authentication means judges whether the
access apparatus is legitimate from the second authentication
information and the second calculated authentication
information using the inherent key.

35. An access apparatus that reads information from and
writes information into a storage area of a recording medium
apparatus and is included in a digital content protection
system,
wherein the storage area holds digital content
information,
the digital content protection system enables a
digital content to be used and includes the recording medium
apparatus and the access apparatus,
wherein the digital content protection system
operates according to the following phases:
an authentication phase where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer phase, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content
using the secretly transmitted inherent key.

36. The access apparatus of Claim 35,
wherein the recording medium apparatus includes a
first calculation means, and
the access apparatus includes a first authentication
information generating means and a first authentication
means,
wherein while the access apparatus judges whether the
recording medium apparatus is legitimate in the
authentication phase,
the first authentication information generating means
generates first authentication information and outputs the
first authentication information to the recording medium
apparatus,
the first calculation means receives the first
authentication information, generates first calculated
authentication information by performing a first calculation
on the received first authentication information using the
inherent key, and outputs the first calculated authentication
information to the access apparatus, and
the first authentication means judges whether the
recording medium apparatus is legitimate from the first
authentication information and the first calculated
authentication information using the secretly transmitted
inherent key.

37. The access apparatus of Claim 36,
wherein the access apparatus includes a second
calculation means, and
the recording medium apparatus includes a second
authentication information generating means and a second
authentication means,
wherein while the recording medium apparatus judges
whether the access apparatus is legitimate in the
authentication phase,
the second authentication information generating
means generates second authentication information and outputs
the second authentication information to the access medium
apparatus,
the second calculation means receives the second
authentication information, generates second calculated
authentication information by performing a second calculation
on the received second authentication information using the
secretly transmitted inherent key, and outputs the second
calculated authentication information to the recording medium
apparatus, and
the second authentication means judges whether the
access apparatus is legitimate from the second authentication
information and the second calculated authentication
information using the inherent key.

38. An encrypted inherent key generating apparatus that
is used in a digital content protection system,
wherein the digital content protection system that
enables a digital content to be used and includes a recording
medium apparatus having a storage area for holding digital
content information and an access apparatus that reads
information from and writes information into the storage
area,
the digital content protection system operating
according to the following phases:
an encrypted inherent key setting phase where the
encrypted inherent key generation apparatus generates an
encrypted inherent key by encrypting the inherent key sent
from the recording medium apparatus and sends the encrypted
inherent key to the recording medium apparatus, and the
recording medium apparatus holds the encrypted inherent key
sent from the encrypted inherent key generation apparatus,
wherein the inherent key is information that is unique to the
recording medium apparatus;
an authentication phase where the recording medium
apparatus transmits the encrypted inherent key to the access
apparatus, the access apparatus generates a decrypted
inherent key by decrypting the encrypted inherent key
transmitted from the recording medium apparatus, the
recording medium apparatus judges whether the access
apparatus is an authorized apparatus using the inherent key,
and the access apparatus judges whether the recording medium
apparatus is an authorized apparatus using the decrypted
inherent key; and
a content transfer phase, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
decrypted inherent key and sends the encrypted digital
content to the recording medium apparatus or (b) receives an
encrypted digital content from the recording medium apparatus
and decrypts the encrypted digital content using the
decrypted inherent key.

39. A digital content protection method used in a digital
content protection system that enables a digital content to
be used and includes a recording medium apparatus having a
storage area for holding digital content information and an
access apparatus that reads information from and writes
information into the storage area,
the digital content protection method comprising:
an authentication step where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer step, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content
using the secretly transmitted inherent key.

40. A digital content protection program that is recorded
on a computer-readable recording medium and is executed in a
digital content protection system,
wherein the digital content protection system enables
a digital content to be used and includes a recording medium
apparatus having a storage area for holding digital content
information and an access apparatus that reads information
from and writes information into the storage area,
the digital content protection program comprising:
an authentication step where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer step, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content
using the secretly transmitted inherent key.

41. A computer digital signal that is sent via a
communication channel and includes a digital content
protection program used in a digital content protection
system,
wherein the digital content protection system enables
a digital content to be used and includes a recording medium
apparatus having a storage area for holding digital content
information and an access apparatus that reads information
from and writes information into the storage area,
the digital content protection program comprising:
an authentication step where the recording medium
apparatus secretly transmits an inherent key to the access
apparatus, and the recording medium apparatus and the access
apparatus perform mutual authentication using the inherent
key, the inherent key being information that is unique to the
recording medium apparatus; and
a content transfer step, performed only when the
recording medium apparatus and the access apparatus have
successfully authenticated each other, where the access
apparatus either (a) encrypts a digital content using the
secretly transmitted inherent key and sends the encrypted
digital content to the recording medium apparatus or (b)
receives an encrypted digital content from the recording
medium apparatus and decrypts the encrypted digital content

ABSTRACT OF THE DISCLOSURE



The media inherent key storing unit 220 prestores an
inherent key Ki, the conversion unit 230 generates an
encrypted inherent key Ji from the inherent key read from the
media inherent key storing unit 220, the random number
generating unit 331 generates a random number R1, the
encryption unit 252 generates an encrypted random number S1,
the decryption unit 333 generates a random number R'1 from
the encrypted random number R1, and the mutual authentication
control unit 334 compares the random number R'1 with the
random number R1 and, if the random number R'1 matches the
random number R1, judges that the memory card 200 is an
authorized device. If the memory card 200 and the memory
card writer have successfully authenticated each other, the
memory card writer encrypts a content using a decrypted
inherent key. If the memory card 200 and the memory card
reader have successfully authenticated each other, the memory
card reader decrypts an encrypted content using the decrypted
inherent key.
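
The exchange described in the abstract and in claims 33 to 38, as an added Python sketch that is not part of the patent: the access apparatus recovers the inherent key from Ji, both sides run a challenge-response with it, and content is then encrypted under that card-unique key. The 4-round Feistel cipher built on HMAC-SHA256, the master key `km`, the CTR-mode content step with its `nonce`, and all class and function names are assumptions standing in for details this section does not give.

```python
import hashlib, hmac, os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function built on HMAC-SHA256
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def enc(key, block):  # stand-in 16-byte block cipher (assumption, not the patent's)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec(key, block):  # inverse of enc(): undo the rounds in reverse order
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class MemoryCard:
    def __init__(self, ki, km):  # km: assumed master key held by authorized devices
        self.ki = ki             # inherent key Ki, unique to this card
        self.ji = enc(km, ki)    # encrypted inherent key Ji held by the card
        self.r2 = None
    def respond(self, r1):       # first calculation: S1 = E(Ki, R1)
        return enc(self.ki, r1)
    def challenge(self):         # second authentication information R2
        self.r2 = os.urandom(16)
        return self.r2
    def verify(self, s2):        # card judges the access apparatus using Ki
        return hmac.compare_digest(dec(self.ki, s2), self.r2)

def mutual_auth(card, km):
    """Access-apparatus side; returns the decrypted inherent key or None."""
    ki_dec = dec(km, card.ji)    # decrypted inherent key recovered from Ji
    r1 = os.urandom(16)
    if not hmac.compare_digest(dec(ki_dec, card.respond(r1)), r1):
        return None              # R'1 != R1: the card or our key is not valid
    if not card.verify(enc(ki_dec, card.challenge())):
        return None              # the card rejected this access apparatus
    return ki_dec

def crypt(key, nonce, data):     # CTR mode over enc(); encrypts and decrypts
    out = bytearray()
    for n in range(0, len(data), 16):
        out += _xor(data[n:n + 16], enc(key, nonce + (n // 16).to_bytes(8, "big")))
    return bytes(out)
```

Because the content key is the card's own Ki, ciphertext copied bit-for-bit onto a second card decrypts to garbage there, and a device without `km` never gets past the first comparison.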